From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (from majordomo@localhost) by pauillac.inria.fr (8.7.6/8.7.3) id RAA00733; Sat, 28 Feb 2004 17:37:05 +0100 (MET) X-Authentication-Warning: pauillac.inria.fr: majordomo set sender to owner-caml-list@pauillac.inria.fr using -f Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id RAA01879 for ; Sat, 28 Feb 2004 17:37:04 +0100 (MET) Received: from mwinf0201.wanadoo.fr (smtp2.wanadoo.fr [193.252.22.29]) by concorde.inria.fr (8.12.10/8.12.10) with ESMTP id i1SGb3ae022111 for ; Sat, 28 Feb 2004 17:37:03 +0100 Received: from morgana (ARennes-303-1-6-136.w80-13.abo.wanadoo.fr [80.13.129.136]) by mwinf0201.wanadoo.fr (SMTP Server) with ESMTP id 15A07300042B for ; Sat, 28 Feb 2004 17:37:03 +0100 (CET) Received: from david by morgana with local (Exim 4.30) id 1Ax7SX-0000gQ-4I for caml-list@inria.fr; Sat, 28 Feb 2004 17:37:01 +0100 To: caml-list@inria.fr Subject: Re: [Caml-list] How to secure an OCaml server References: <87llmnme9b.fsf@linux-france.org> From: David MENTRE Organization: none Date: Sat, 28 Feb 2004 17:37:01 +0100 In-Reply-To: <87llmnme9b.fsf@linux-france.org> (David MENTRE's message of "Sat, 28 Feb 2004 16:10:08 +0100") Message-ID: <87d67zma8i.fsf@linux-france.org> User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Miltered: at concorde by Joe's j-chkmail ("http://j-chkmail.ensmp.fr")! X-Loop: caml-list@inria.fr X-Spam: no; 0.00; caml-list:01 dmentre:01 dmentre:01 buffer:01 explicitely:01 ocaml:01 ocaml:01 writes:01 mentre:01 mentre:01 overflow:02 anybody:03 probably:05 received:93 usual:07 Sender: owner-caml-list@pauillac.inria.fr Precedence: bulk David MENTRE writes: > I would like to secure my server against usual attacks (buffer overflow, > etc.). > > While there is plenty of doc for C and C++, there is nothing for > OCaml. At what kind of issues should I look to avoid attacks? Has > anybody written a documentation or a tool to secure OCaml applications? Judging from answers I've received, I've probably been not clear enough. I know that the security topic is large but I've explicitely not mentionned cryptographic issues (authentication, information hiding, etc.). I just want to secure my server enough so that a bad guy can't crash it or launch a shell with it. I've left other security topics to the near future. I'm not the first one to write a server in OCaml, so I wanted to use experience of previous work. If nobody has written such a document, I'll might give it a try. Any useful comments still appreciated, Yours, d. -- David Mentré ------------------- To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/ Beginner's list: http://groups.yahoo.com/group/ocaml_beginners