David Roundy wrote: > Try > >>module Secret (Secret, classify, declassify) >>where >> >>data Secret a = Secret String a >> >>classify :: String -> a -> Secret a >>classify pw x = Secret pw x >> >>declassify :: Secret a -> String -> Maybe a >>declassify (Secret pw x) pw' | pw' == pw = Just x >>declassify (Secret _ _) _ = Nothing >> >>instance Monad Secret where >> return = classify "" >> (Secret pw x) >>= f = case f x of >> Secret _ y -> Secret pw y > > Now return itself doesn't assign a password, but you can classify > something > manually, and then perform computations on that data in a safe manner. > It's just as safe as your code, because the constructor of secret is > hidden > which hides the password just as well as the data.
What should 'q >>= r' mean, when 'q' and 'r x' are secrets with different passwords? In the code above, the result is a secret with the same password as 'q'. This allows you to declassify any secret without knowing its password: break :: Secret a -> a break q = fromJust $ declassify (classify "bloep" () >> q) "bloep" . -- Mr. Pelican Shit may be Willy. ^ /e\ --- _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe