Web browser in Ada
in [ADA]
|
Prev: gnatmake problem
Next: Ada help file indexed by keyword
From: Gautier write-only on 23 Apr 2010 04:03 There are discussions from time to time, since very long, about writing a Web browser in Ada. The main idea would have a safe browser. Actually today's issues about security in Web browsers remarkably seem of the same kind as ten years ago, just a bit more frequent and acute. Did someone give a try ? I guess the following libraries would be considered: - AWS, for the HTTP requests - GtKAda, for a portable GUI - the least possible bindings and the most possible Ada code for decoding images and other contents _________________________________________________________ Gautier's Ada programming -- http://sf.net/users/gdemont/ NB: For a direct answer, e-mail address on the following web site: http://www.fechtenafz.ethz.ch/wm_email.htm
From: Gautier write-only on 23 Apr 2010 17:33 > Could you refer to an existing browser vulnerability that is related > to the core browser engine and that would be avoided by choosing > another language? > (I'm genuinely interested) It is a very good question, that should be solved before jumping into such a time-consuming project :-). My impression is that a good part of vulnerabilities are indeed within plug-ins, another good part is between the browser and a plug-in (typically, browser X need to be patched but not the others nor the plug-in), and the third part, important as well, is about CSS, JavaScript, image storage or decoding, XML, HTML parsing and other core parts of browsers. I had a glimpse on: http://www.mozilla.org/security/known-vulnerabilities/ and a randomly with http://www.google.com/search?q=browser+security+update Hopefully someone more knowledgeable than me can answer your question, or give percentages to the parts above... G.
From: Peter C. Chapin on 23 Apr 2010 20:38 Gautier write-only wrote: > My impression is that a good part of vulnerabilities are indeed within > plug-ins, another good part is between the browser and a plug-in > (typically, browser X need to be patched but not the others nor the > plug-in), and the third part, important as well, is about CSS, > JavaScript, image storage or decoding, XML, HTML parsing and other > core parts of browsers. I had actually thought that building a web browser in Ada would be a nice project (if only I had more time!). I'm not sure how much of a difference in security it would make... probably some. Any browser that could be realistically used would need to support JavaScript. While an Ada JavaScript implementation might (or might not) be more secure than a C implementation, it seems to me that any vulnerability related to the JavaScript language itself would still be a risk. In any case, the real benefit of such a project would be more in the development of associated libraries and supporting code (imagine processing, HTML parsing and rendering, CSS handling, etc, etc)... and in the visibility a successful project would give to Ada. I suspect Ada was first standardized before many current web developers were born; it might be fun to see what sort of reception an Ada web browser project would get in that community. Anyway a good first step might be the implementation of an HTML 5 parser in Ada. Rather than playing catch-up that would put an Ada web browser project right in the thick of the bleeding edge of the web world. Peter
From: leonid on 24 Apr 2010 05:51 On Apr 23, 11:03 am, Gautier write-only <gautier_niou...(a)hotmail.com> wrote: > There are discussions from time to time, since very long, about > writing a Web browser in Ada. > The main idea would have a safe browser. > Actually today's issues about security in Web browsers remarkably seem > of the same kind as ten years ago, just a bit more frequent and acute. > Did someone give a try ? > I guess the following libraries would be considered: > - AWS, for the HTTP requests > - GtKAda, for a portable GUI > - the least possible bindings and the most possible Ada code for > decoding images and other contents > _________________________________________________________ > Gautier's Ada programming --http://sf.net/users/gdemont/ > NB: For a direct answer, e-mail address on the following web site:http://www.fechtenafz.ethz.ch/wm_email.htm Hi, you may try Webkit example in Qt4ada , as a simple web browser http://users1.jabry.com/adastudio/index.html Leonid
From: Gautier write-only on 25 Apr 2010 01:38
Peter C. Chapin: > I had actually thought that building a web browser in Ada would be a nice > project (if only I had more time!). I'm not sure how much of a difference in > security it would make... probably some. > Any browser that could be realistically used would need to support JavaScript. > While an Ada JavaScript implementation might (or might not) be more secure > than a C implementation, it seems to me that any vulnerability related to the > JavaScript language itself would still be a risk. Maybe it is a bit naive, but I have the impression that JavaScript's vulnerability can be limited to the interaction with the surronding operating system: file I/O and code execution (this includes starting a plug-in). > In any case, the real benefit of such a project would be more in the > development of associated libraries and supporting code (imagine processing, > HTML parsing and rendering, CSS handling, etc, etc)... Sure. For images, I could provide some bits (some of them existing), even in a generic way (reusable for other projects, GUIs etc.). > and in the visibility > a successful project would give to Ada. I suspect Ada was first standardized > before many current web developers were born; it might be fun to see what > sort of reception an Ada web browser project would get in that community. Just remind them that the current browsers are made in a language their grandparents were already using :-). > Anyway a good first step might be the implementation of an HTML 5 parser in > Ada. Rather than playing catch-up that would put an Ada web browser project > right in the thick of the bleeding edge of the web world. But probably when there will be something working you will have to catchup with HTML 8 :-) Just kidding. It is a very good idea, especially that the W3C specification gives also hints about the parsing. G. |