A huge amount of work has been done in this area in the capability
security world. See for instance the reference to Mark Miller's
thesis in the footnotes of
http://en.wikipedia.org/wiki/Object-capability_model
A short summary of capability security is that checking permissions is
error prone.
On Wed, Aug 10, 2011 at 7:35 PM, BGB cr88...@gmail.com wrote:
not all code may be from trusted sources.
consider, say, code comes from the internet.
what is a good way of enforcing security in such a case?
Object capability security is probably the very best approach available
today - in
On 8/11/2011 10:08 AM, Monty Zukowski wrote:
A huge amount of work has been done in this area in the capability
security world. See for instance the reference to Mark Miller's
thesis in the footnotes of
http://en.wikipedia.org/wiki/Object-capability_model
A short summary of capability security
On Thu, Aug 11, 2011 at 1:07 PM, BGB cr88...@gmail.com wrote:
this would have a notable impact on the design of an HLL (and couldn't just
be retrofitted onto an existing traditional OO language such as ActionScript
or C#).
That's a fair point. Some projects such as Joe-E [1] achieve
On 8/11/2011 12:55 PM, David Barbour wrote:
On Wed, Aug 10, 2011 at 7:35 PM, BGB cr88...@gmail.com
mailto:cr88...@gmail.com wrote:
not all code may be from trusted sources.
consider, say, code comes from the internet.
what is a good way of enforcing security in such a case?
On Thu, Aug 11, 2011 at 04:00:21PM -0300, Jecel Assumpcao Jr. wrote:
The original Smalltalk-80 from Xerox used CR as its line separation
character, but the really big external influence on Apple was UCSD
Pascal which shared that convention. Apple, however, (along with
Commodore and Tandy/Radio
On Thu, Aug 11, 2011 at 08:58:19PM -0400, Kragen Javier Sitaker wrote:
The [Pick][] operating system (devoted to business data processing on
minicomputers, mostly) is the only thing I know of that used such a thing in
its normal file format: a Pick file is like a Unix directory, containing
I feel obligated to comment on usage of MD5 for any security purpose:
http://www.codeproject.com/KB/security/HackingMd5.aspx
On Thu, Aug 11, 2011 at 19:06, BGB cr88...@gmail.com wrote:
On 8/11/2011 12:55 PM, David Barbour wrote:
On Wed, Aug 10, 2011 at 7:35 PM, BGB cr88...@gmail.com wrote:
On Thu, Aug 11, 2011 at 5:06 PM, BGB cr88...@gmail.com wrote:
the big problem though:
to try to implement this as a sole security model, and expecting it to be
effective, would likely impact language design and programming strategy, and
possibly lead to a fair amount of effort WRT hole
On 8/11/2011 7:35 PM, Tristan Slominski wrote:
I feel obligated to comment on usage of MD5 for any security purpose:
http://www.codeproject.com/KB/security/HackingMd5.aspx
but, to be fair, that is a fairly contrived example...
it is at least not like, say, Adler-32 or CRC-32 where one can
On 8/11/2011 8:16 PM, David Barbour wrote:
On Thu, Aug 11, 2011 at 5:06 PM, BGB cr88...@gmail.com
mailto:cr88...@gmail.com wrote:
the big problem though:
to try to implement this as a sole security model, and expecting
it to be effective, would likely impact language design and
11 matches
Mail list logo