[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [was] WAS Protect update
> This looks nice. Its along the lines of what I have been thinking, but
> havent had any time to convey to anyone. The only issue I might bring up
> is that instead of creating a whole new language to write the protection
> detectors in could we use something like JavaScript? The rhino engine
> from mozilla would make it pretty easy to create an engine for this in
> both Java and C...
It's a valid point, and one I've been wrestling with myself. Here's
how I see the problem (from the point of view of my previous
email):
CONS
* New language to learn. It is XML but still an engine needs to
be developed.
* XML syntax is not quite suitable for a programming language. In
order to keep it simple I've tried to limit the number of
constructs. This makes Javascript much more powerful. Will
these construct be enough to satisfy our future needs?
PROS
* Is it realistic to have a JS interpreter embedded in a Web
server? I have doubts about the size and doubts about the
speed of execution. The simplicity of the new language works
for us because rules can be translated into fast p-code.
* I don't think Javascript is something web servers administrators
will want to use (then again, the XML syntax isn't much better
either).
* It's likely vendors will have their own proprietary signatures.
Converting among them will probably not be possible with
Javascript.
...
The points above convinced me to go with the XML syntax. They
didn't make me happy, though.
--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]