At 12:04 PM 7/25/2006 +1200, Greg Ewing wrote: >Phillip J. Eby wrote: > > > When I say "name checker" I mean the Zope type that allows you to > specify a > > list of names that are allowed for a given object. This allowing is not > > based on identity or code signing or anything like that. It's just a list > > of attribute names: i.e. a capability mask over an existing object. > >But this is backwards from what a true object-capability >system should be like if it's properly designed. Instead >of starting with too-powerful objects and trying to >hide some of their powers, the different powers should >be separated into different objects in the first place. And what about code that needs to pass on a subset of a capability? You need the ability to create such capability-restricted subsets anyway, no matter how "pure" a system you start with. And being able to create capability masks for existing objects means you don't have to redesign every piece of code ever written for Python to make it secure. >It sounds to me like Zope is using the approach it's >using because it's having to work with Python as it >currently is, not because its approach is the best one. Well, that depends a lot on how you define "best". Practicality beats purity, doesn't it? ;)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4