David Roundy wrote:
Try
module Secret (Secret, classify, declassify)
where
data Secret a = Secret String a
classify :: String - a - Secret a
classify pw x = Secret pw x
declassify :: Secret a - String - Maybe a
declassify (Secret pw x) pw' | pw' == pw = Just x
declassify (Secret _ _) _ = Nothing
instance Monad Secret where
return = classify
(Secret pw x) = f = case f x of
Secret _ y - Secret pw y
Now return itself doesn't assign a password, but you can classify
something
manually, and then perform computations on that data in a safe manner.
It's just as safe as your code, because the constructor of secret is
hidden
which hides the password just as well as the data.
What should 'q = r' mean, when 'q' and 'r x' are secrets with different
passwords? In the code above, the result is a secret with the same
password as 'q'. This allows you to declassify any secret without knowing
its password:
break :: Secret a - a
break q = fromJust $ declassify (classify bloep () q) bloep
.
--
Mr. Pelican Shit may be Willy.
^
/e\
---
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe