by lmm
3736 days ago
Interpretation does not prevent typing, and machine code is an execution format. The right thing in any language is: express the operations that you are going to perform in a form that clearly distinguishes between values that represent different varieties of thing. (Types make this easier; otherwise you have to implement more of it yourself.) You talk about code and data as though they were the only things, but they're not; getting one variety of data when you were expecting another variety can just as easily lead to security bugs as getting code instead of data or vice versa. Sanitization very rarely works - and in the rare cases where it does, it still indicates a deficiency in the underlying model.
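An added example, not part of the comment above: one way to make "plain text" and "markup" distinct varieties of value in Python, so that mixing them fails loudly instead of depending on a sanitization pass. The names `Html`, `text`, `trusted`, `join` and `render_comment` are hypothetical, and the sample inputs are constructed.

```python
import html
from dataclasses import dataclass


@dataclass(frozen=True)
class Html:
    """Markup that is ready to emit. Distinct from str, which is plain text."""
    markup: str


def text(value: str) -> Html:
    """Only route from plain text to Html; escapes exactly once."""
    if not isinstance(value, str):
        # An Html passed here would be double-escaped: a variety mix-up.
        raise TypeError(f"text() takes str, got {type(value).__name__}")
    return Html(html.escape(value, quote=True))


def trusted(literal: str) -> Html:
    """Wrap markup written by the developer; never call on external input."""
    return Html(literal)


def join(*parts: Html) -> Html:
    """Concatenate markup; a bare str is rejected rather than guessed at."""
    for part in parts:
        if not isinstance(part, Html):
            raise TypeError(f"join() takes Html, got {type(part).__name__}")
    return Html("".join(part.markup for part in parts))


def render_comment(author: str, body: str) -> Html:
    """Build one comment line from two plain-text fields."""
    return join(trusted("<p><b>"), text(author), trusted("</b>: "),
                text(body), trusted("</p>"))


if __name__ == "__main__":
    # Constructed sample input containing markup characters.
    print(render_comment("lmm", "<i>hi</i> & bye").markup)
    try:
        join(trusted("<p>"), "raw user input")  # forgot text()
    except TypeError as exc:
        print("rejected:", exc)
```

Python only enforces this at run time; a static checker such as mypy would flag the same mix-ups before the code runs.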