## Program language in which every every string generated by its grammar is a nicely running program?

Was wondering if there is a programming language out there such that every string generated by its grammar (the grammar is given as well) is a program that does not crash.

This is so that the set of all possible programs (that don’t crash) on the machine, in that language, is generated by the grammar and the grammar generates exactly those programs.

## Adding to the query string via input

I have a form that takes multiple input fields and makes an API request via GET.

The fields are not properly sanitizing input and I am able to add arbitrary parameters to the query string by submitting input such as test&color=red.

Instead of some sort of encoding, the resulting API query looks like api.com/search?field=search&color=red

I cannot think of any malicious use to this, as anybody could just hit this endpoint directly or use a proxy to bypass any client side validation.

If you were performing an application review, is this something that might be worth calling out?

## Proving a pattern exist in a string without revealing where

Some time ago i read the following problem (i don’t remember the article from which i read it from) :

“Suppose you are given a picture where the goal is to find waldo (from the game where is waldo), you search for a bit and don’t find him so you become suspicious of the fact that waldo actually is in the picture, how can one prove to you that waldo indeed is without revealing where ? Well one can just take a very big sheet of paper, bore a hole inside it and place this sheet of paper on top of your picture so that waldo’s head appears inside the hole.”

My question is how could one transfer this idea to a mathematical concept ? One idea would be something along the lines of :

• Let L be some language in complexity class C

• given $$a_1 , a_2 , … a_n$$ can one prove to you that there is a $$i$$ for which $$a_i \in L$$ without revealing for which $$i$$ it stands

However this falls short as it stands right now because one can just feed the same input $$a$$ n times for which it wishes to know appartenance to class L. So we either need to consider specific complexity class C for which the problem becomes interesting or loosen the condition of “non disclosure”, and it doesn’t seem that obvious. Or we could just change paradigm, my question is just how to convert the waldo idea to a computationnal model, i suspect the approach i gave isn’t the right one.

## Is it decidable whether Turing Machine never scans any tape cell more than once when started with given string

The problem:

Is it decidable that the set of pairs $$(M,w)$$ such that TM $$M$$, started with input $$w$$, never scans any tape cell more than once.

How can I easily prove above to be decidable. I found following proof confusing:

How is $$l+m$$ is upper bound on number of steps? I feel we should be doing at least $$l\times 𝑄\times \Gamma\times\{𝐿,𝑅\}+1$$ steps ($$Q$$ being number of states,$$\Gamma$$ being set of tape alphabet, $$l$$ is string length, $$L$$ and $$R$$ are head movement directions).

## SQL injection using URL query string (web application/php server)

Hacker is trying to attack the site by using the following SQL injection query to get the SQL version.

Using URL site. example:

www.abc.com/?queryParamString=(SELECT 9701 FROM(SELECT COUNT(*),CONCAT(0x71787a7171,(SELECT (ELT(9701=9701,1))),0x71767a6271,FLOOR(RAND(0)*2))X FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY X)a) 

In my application, I am using prepared statmenets that queryParamString as a clear text into DB without any side effects.

My question:

• Is there any best practices to sanitize the URL when PHP server receives a request to render the page.
• Or any client-side practices?
• Any pointers on how to prevent or how you would deal with this kind of attack

## Does StackGuard prevent Format String Attacks

I am aware that Format String Attacks work by having a vulnerable function which allows the user to read values from the stack using %x and write by using %n.

Since one of the goals of a Format String Attack can be to overwrite the address of a function in the Global Offset Table, I was wondering does StackGuard prevent this?

I know that StackGuard protects save-return addresses of functions to be overwritten, however, will it help against a Format String Attack if that attack aims to change the GOT values?

## does a non-terminated string count as a token in c?

so, I am preparing for an exam which includes lexical analysis from compiler design. I was wondering what is the number of tokens in the following code-

int main() {   /* comment   printf("Hello */ There ");*/   return 0; } 

so, I am thinking upto first “*/” it will be a multiline comment, so, after “there” a string will start without terminating. will the last string is counted as a token?

## Understanding PDA for odd length string with middle symbol 0

I came across this pdf, which describes the language of odd length string with middle symbol 0 as follows:

Doubts:

1. I dont understand the transition labels. In standard resources like books by Ullman et al, Linz and in wikipedia, the transition labels take following form:

• $$a,b/ab$$ means if next input symbol is $$a$$ and current stack top is $$b$$, then push $$a$$ on $$b$$
• $$a,b/\epsilon$$ means if next input symbol is $$a$$ and current stack top is $$b$$, then pop $$b$$
• $$a,b/a$$ means if next input symbol is $$a$$ and current stack top is $$b$$, then pop $$b$$ and push $$a$$

I dont get meaning of transition labels in diagram $$a,b\rightarrow c$$. Some one explained me that its, if next next input symbol is $$a$$, pop $$b$$ and push $$c$$. I feel, if this interpretation is correct, then this notation is insufficient as it will describe both $$a,b/ab$$ and $$a,c/ac$$ as $$a,\epsilon\rightarrow a$$. Am I right with this, or I understood the notation incorrectly?

2. Assuming above interpretation to be correct, loop on $$q_1$$ pushes all input symbols, be it 1 or 0. Then for $$0$$ at any position (not necessarily middle position), it transits to $$q_2$$. Loop at $$q_2$$ pops all symbols. I dont get how above PDA forces middle symbol to be $$0$$. Also I dont get how it ensures length of $$w$$ is odd.

3. If given PDA is incorrect, can we prepare correct one by re-labelling as follows:

• Loop at $$q_0$$: $$\{(1, /1);(0, /1);(0,0/00);(0,1/01);(1,0/10);(0,1/01)\}$$
• Transition $$q_0-q_1$$: $$\{(0,0/0);(0,1/1)\}$$
• Loop at $$q_2$$: $$\{(0,0/\epsilon);(0,1/\epsilon);(1,0/\epsilon);(1,1/\epsilon)\}$$

So, its CFL not deterministic CFL, right?

## How to set IP segment and connection string with IPv6?

For this PostgreSQL configuration example:

https://repmgr.org/docs/4.4/quickstart-authentication.html

    local   replication   repmgr                              trust     host    replication   repmgr      127.0.0.1/32            trust     host    replication   repmgr      192.168.1.0/24          trust      local   repmgr        repmgr                              trust     host    repmgr        repmgr      127.0.0.1/32            trust     host    repmgr        repmgr      192.168.1.0/24          trust 

I have two questions.

# Question 1

This is IPv4 type: 192.168.1.0/24.

How to do with an IPv6 IP like: 230b:c010:103:5858:a6a3:3:0:1?

# Question 2

If use jdbc to connect a PostgreSQL server can make string as 192.168.1.11:5432. How to do with IPv6? Is it like 230b:c010:103:5858:a6a3:3:0:1:5432?

## Can string comparison realistically be exploited in a timing attack on a web server?

Suppose you have the following code in Node:

const { token } = req.body const hash = crypto.createHmac('sha256', SECRET).update(token).digest('hex') const user = await User.findById(req.session.userId)  if (hash === user.rememberMeHash) {/*...*/} 

The string comparison above is deemed vulnerable to a timing attack because it can leak the character position on a mismatch, so the correct way is

// Hashes are already equal in length because the same hash function was used if (crypto.timingSafeEqual(new Buffer(hash), new Buffer(user.rememberMeHash)) 

While true in principle, I can’t see how this leak is practically possible. To get reliable time measurements, you’d need to

• isolate the code snippet to avoid interference from side effects (request handling, Express routing, DB queries);
• run a large number of empirical tests in a strictly identical environment (same CPU & memory usage, processes, OS);
• have access to a local server instance that has no traffic or intervention from outside.

None of these are realistic in a distributed system, much less to an attacker with no privileged access and no knowledge of the specific hashing algorithms and secret keys employed.

In practice, you will necessarily get varying and inconsistent results when timing any code, particularly one that is just-in-time compiled like JavaScript. This is well understood in algorithm analysis which doesn’t directly measure algorithm runtime because these measurements are acutely sensitive to the underlying hardware, software, compiler, language, etc. In this particular case, compared to a database query or a network call (or even script processing when running node binary on a .js file), string comparison takes a minuscule amount of CPU time to process.

Now, also consider that the above code runs across a cluster of servers behind a load balancer. As such, HTTP response times will vary depending on other incoming and ongoing requests (i.e. website traffic), background processes, hosting provider uptime, network fluctuations (e.g. speed drops), use of Tor or a VPN, and hundreds of other factors.

Considering a real-world web server architecture, how can a mere string comparison ever be exploited in a timing attack?