On Tue, Jul 8, 2014 at 5:47 PM, William ML Leslie < [email protected]> wrote:
> This is my understanding too. You can do sensible security whether you > admit downcasting or not, and if you don't have to give it up why would > you? Really it is much of a muchness, besides questions about identity. > You can, but it becomes a feature that you then have to think about constantly to make sure its use doesn't bite you in the ass. If you are handing a reference across a "suspicious" interface boundary, its best to *think* of it has handing over a leaf class reference. >From a security perspective, it's better to eliminate such worries from the beginning, or at least narrow the number of places where attention must be paid. The real question, as I attempted to say elsewhere, is: "is this the right conceptual layer at which to be thinking about mutual suspicion?" shap
_______________________________________________ bitc-dev mailing list [email protected] http://www.coyotos.org/mailman/listinfo/bitc-dev
