'''Purpose of this page:''' ''Provide pointers to security-related information that shows Tcl is doing the right thing.''

[Sarnold]: Although lots of system applications are written in [C]/[C++], we can consider that writing a new application in these languages is a lot more work and leads to security holes. And scripting languages are now strong, so according to [Ousterhout's Dichotomy], we should write in [C]/[C++]/[Java] the critical part of the application that cannot be written in a scripting language, or would be unbearably slow. The rest of this page is trying to compare [Tcl] security against other programming languages to serve [Tcl marketing]. (Of course, we will exclude [C]/[C++]/whatever compiled language from this comparison.)

----

   * [Tcl is immune to many "format string vulnerabilities"]
   * Tcl programs are immune to buffer overflows (as long as the Tcl interpreter is)
   * No Y2K bug
   * Full [Unicode] support, where most other languages need special syntax and still have problems handling UTF-8 strings.
   * [Tcl] can be compiled with [Thread]s. [AOLServer] has been multithreaded long before [Apache]/[PHP].
   * Backwards-compatibility: Tcl provides the best effort in this dimension.
   * [Safe interps] make it possible to run user-defined scripts without fearing an attack. '''About safe interps''': it is a feature missing in almost every other language ([Java] has a similar functionality, but with such complexity that I cannot even think of it).
   * You do not have to check ''nil''s as in [Java], [Python], [Lua]...
   * It is easy to manage Tcl [package]s. With [starkit]s and [starpack]s, deployment is easy. You will not spend a long time asking yourself which package is outdated or missing to make your application work.
   * [Prowrap] and [ActiveState] tools can encrypt the sources.
   * Although there is no official debugger, interactive debugging in [GUI] mode is terrific. Just embed [tkcon] in your project and you have full control of your application at your fingertips.
   * ...

----

[[ [Tcl Marketing] | [Category Security] ]]
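
The safe interps item in the list above, shown as a short script. This is an added example, not code from the original page; the names `sandbox`, `safe_log`, `spin` and `run_untrusted` are assumptions made for illustration, and it assumes Tcl 8.5 or later for `interp limit`.

```tcl
# Added example: contain an untrusted script in a safe interpreter.
# All proc and variable names here are hypothetical.

# A safe interp starts with dangerous commands (exec, open, socket,
# file, source, load, ...) hidden from the script it runs.
set sandbox [interp create -safe]

# Bound runaway scripts: the interp may execute at most 10000 commands.
interp limit $sandbox commands -value 10000

# Expose one narrow capability through an alias. The alias body runs in
# the trusted parent, so it must treat its argument strictly as data.
proc safe_log {msg} {
    puts "sandbox: [string range $msg 0 199]"
}
interp alias $sandbox log {} safe_log

# Evaluate a script in the sandbox and report ok/error to the caller
# instead of letting an error propagate into the trusted code.
proc run_untrusted {interp script} {
    if {[catch {interp eval $interp $script} result]} {
        return [list error $result]
    }
    return [list ok $result]
}

# Ordinary computation works.
puts [run_untrusted $sandbox {expr {6 * 7}}]

# Hidden commands are simply not there for the untrusted script.
puts [run_untrusted $sandbox {exec ls}]
puts [run_untrusted $sandbox {open /etc/passwd}]

# The aliased capability is reachable, and only that one.
puts [run_untrusted $sandbox {log "hello from untrusted code"}]

# An endless loop is stopped by the command limit. The script cannot
# catch that error itself; only the parent sees it.
puts [run_untrusted $sandbox {proc spin {} {}; while 1 {spin}}]

interp delete $sandbox
```

The containment is only as strong as the aliases the parent hands over: each alias is trusted code called with untrusted arguments.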