Making web programming easier and more secure

An MIT researcher has unveiled a new approach to self-completing programming with Ur/Web.
Written by Rob O'Neill, Contributor

MIT researchers have taken several stabs at creating programming languages that "auto-complete".

One example is a programming language called Sketch, developed by Armando Solar-Lezama, an associate professor in MIT's Department of Electrical Engineering and Computer Science. Sketch automatically fills in some programming gaps when programmers omit parts of their code.

On Wednesday, another MIT researcher unveiled a somewhat different approach. Professor of software technology Adam Chlipala has described a new programming language called Ur/Web, which allows web applications to be developed as executable programs.

Ur/Web's language compiler then generates the required XML, style-sheet specifications, JavaScript, and database code, taking the pain out of keeping track of how these elements interact and exchange data.

Chlipala said Ur/Web not only makes web applications easier to write, it also makes them more secure.

"Let's say you want to have a calendar widget on your web page, and you're going to use a library that provides the calendar widget, and on the same page there's also an advertisement box that's based on code that's provided by the ad network," Chlipala said.

"What you don't want is for the ad network to be able to change how the calendar works or the author of the calendar code to be able to interfere with delivering the ads."

Chlipala says Ur/Web overcomes weaknesses in many web development frameworks because any new variable that a programmer defines is constrained to a particular data type, just like in full-blown programming languages such as C++ or Java.

"You might want to write a library that has inside of it as private state the database table that records usernames and passwords," Chlipala said. "You don't want any other part of your application to be able to just read and overwrite passwords. Most web frameworks don't support that style. They assume that every part of your program has complete access to the database."

Chlipala said that while the Ur/Web compiler automatically generates XML, JavaScript, and SQL code in its current version, it doesn't produce style sheets.
