'''Purpose of this page:''' ''Provide pointers to security-related information that shows Tcl is doing the right thing.''

[Sarnold]: although lots of system applications are written in [C]/[C++], we can consider that writing a new application in these languages is a lot more work, and leads to security holes. And scripting languages are now strong, so according to [Ousterhout's Dichotomy], we should write in [C]/[C++]/[Java] the critical part of the application that cannot be written in a scripting language, or would be unbearably slow.

The rest of this page is trying to compare [Tcl] security against other programming languages to serve [Tcl marketing]. (Of course, we will exclude [C]/[C++]/whatever compiled language from this comparison)

----

* [Tcl is immune to many "format string vulnerabilities"]
* Tcl programs are immune to buffer overflows (as long as the Tcl interpreter is)
* [Safe interps] make it possible to run user-defined scripts without fearing an attack. '''About safe interps''': it is a feature missing in almost every other language ([Java] has a similar functionality, but with such complexity that I cannot even think of it).
* You do not have to check ''nil''s as in [Java], [Python], [Lua]...

----

[[ [Tcl Marketing] | [Category Security] ]]