Security Features
2010-12-11
Introduction
The security features in Mana are actually mostly things that are not there. For example, there is no way to create programs that contain buffer overflows, the standard library does not contain any functions that are susceptible to format string or injection vulnerabilities, and you'll have to work hard to get programs to forget to release resources or access resources after they have been released. In other words, Mana makes it hard to make certain mistakes, and this, in turn, makes it harder to write insecure software.
On the other hand, Mana also provides building blocks that can be used to improve security. The standard provides functions for common idioms such as securely creating temporary files. Many programming errors can be detected by the type checker before the program ever gets to run. When things do go wrong, exceptions make sure that the error is either handled or causes the program to abort before further harm can be done.