Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] [tor-talk] Programming language for anonymity network

David Rajchenbach-Teller dteller at mozilla.com
Fri Apr 18 02:34:24 PDT 2014


On 18/04/14 11:30, Aymeric Vitte wrote:
[...]
> - nodejs is easy to audit (assuming that modules like V8 can be
> audited), you can override node's functions/objects if you like
[...]

Actually, in my mind, that's one point against safety of Node.js
applications. Redefining, say, Array.prototype.forEach is a good way to
introduce hard-to-track bugs. Doubly so if this is done silently by
importing a package (almost sure the latter is possible, but I haven't
actually checked).

Cheers,
 David

-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla




More information about the liberationtech mailing list