
MUMPS Instance - RKFerguson
Hi Folks. Looking for information on methods, tools, utilities, etc., that facilitate establishing and maintaining a secure baseline for MUMPS instances, e.g., static code analysis tools, syntax parsers/checkers, vulnerability scanners, etc.

Respectfully.

Fergie
======
whitten
This is a great question. MUMPS has traditionally been a container-type
language with a self-contained instance where the data and programs are built
into the container. The language requirements that math operations have to be
exact to fifteen significant digits make it a good base for financial systems,
and the flexible sparse data structures using multi-indexing by strings of
characters allow it to be used in medical systems. Both of these types of
applications require high availability and self-repair of faults (effectively
24/7/365) with high response time.

Static code analysis is sometimes possible with the understanding that there
are language elements that require lazy evaluation of expressions, and a
dynamic symbol table of variables, as the language allows for explicit removal
of variables from the symbol table.

Unusually for the syntax of a lot of languages, this is a language where
whitespace is significant, which makes syntax parsing and checking much more
attainable.

As to vulnerability scanning and security, there is no language element which
allows direct memory manipulation, such as the C pointer, and all I/O has
protections against buffer overflows built into those commands. Passing
parameters to subroutines has constraints that mitigate many security exploits
as well. The language supports a high degree of backward compatibility and
static semantics whereby old code works in the same way it always has,
precluding an attack using changing semantics to take over a system.

The Department of Veterans Affairs has a toolset that facilitates code
analysis (^XINDEX) and distribution of code and data (KIDS), with other
programming environments providing other toolsets.

There is a lot more than this about the language. If you have any questions,
I'd gladly answer them.
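
Added example (not part of the thread, not any commenter's code, and not the VA's ^XINDEX): a small Python scanner that uses MUMPS's significant whitespace to split a routine line into commands and flags the constructs a static baseline check cannot resolve ahead of time. It assumes the "lazy evaluation" mentioned above refers to XECUTE and `@` indirection and that symbol-table removal means KILL; `scan`, `commands`, `read_token` and the `SAMPLE` routine are hypothetical names and constructed input.

```python
import re

STRING = re.compile(r'"(?:[^"]|"")*"')   # MUMPS string literal, "" escapes a quote

def read_token(s, i):
    """Read up to the next space that is not inside a string literal."""
    start, in_str = i, False
    while i < len(s) and (in_str or s[i] != " "):
        if s[i] == '"':
            in_str = not in_str
        i += 1
    return s[start:i], i

def commands(body):
    """Yield (command, postconditional, arguments) for one line body."""
    i, n = 0, len(body)
    while i < n:
        i = n - len(body[i:].lstrip(" ."))   # skip separators and block-level dots
        if i >= n or body[i] == ";":         # a comment runs to end of line
            return
        word, i = read_token(body, i)
        cmd, _, post = word.partition(":")
        args = ""
        # One space introduces arguments; a second space means "no arguments".
        if i + 1 < n and body[i + 1] not in " ;":
            args, i = read_token(body, i + 1)
        yield cmd.upper(), post, args

def scan(source):
    """Return (line_no, finding) pairs for constructs resolved only at run time."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        m = re.match(r"^\S*[ \t]+(.*)$", line)   # optional label, line start, body
        for cmd, post, args in commands(m.group(1) if m else ""):
            if cmd in ("X", "XECUTE"):           # runs a string as code
                findings.append((no, "xecute"))
            if "@" in STRING.sub('""', post + " " + args):
                findings.append((no, "indirection"))
            if cmd in ("K", "KILL"):             # argumentless KILL clears all locals
                findings.append((no, "kill" if args else "kill-all"))
    return findings

# Constructed routine, not taken from any real system.
SAMPLE = '''DEMO ;constructed routine
 N NAME,CMD
 S NAME="Y",@NAME=5
 W "a@b; still a string"
 S CMD="W 1+1" X CMD
 K NAME K  Q'''
```

Each finding marks a line where the code that will run, or the variables that will exist, depend on run-time data, so those lines are the ones to route to manual review when building a baseline.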

