Re: Re: Re: Re: Re: Re^3: Naming Subs

Hm. In your code, you have to explicitly exclude the subs, or put them in a different pacakge.

No, I was saying that I wouldn't be dumb enough to let a loser win by saying "win" to my interpreter. That hasn't changed.

In a hash-based implementation, you have to explicltly put the subref in the hash.

You are saying that you wouldn't allow anyone to win until you installed the "win" subroutine reference into the oh-so-huge hash in your script? That's interesting.

Consider that the "back of the envelope" code with the hash-based dispatch table does this kind of checking implicltly, whereas the symref code doesn't do it at all.

I don't know what this "back of the envelope" code that you speak of is.

-- dug

Comment on Re: Re: Re: Re: Re: Re^3: Naming Subs

Replies are listed 'Best First'.
Re^8: Naming Subs by Ionizor (Pilgrim) on Jan 13, 2003 at 21:34 UTC
I believe the point he's trying to make is that you have to explicitly disallow subroutines that you don't want the user to be able to access directly from the interface. With the hash based inplementation, you have to explicitly allow a user to call a sub directly from the interface. Generally, a whitelist is much easier to maintain than a blacklist, with fewer reprecussions if you make an error when adding or deleting subs (i.e. if you forget to allow a sub the user needs it is less of a problem than if you forget to disallow a potentially dangerous sub). Consider what happens if the user types in "delete_user_by_name SomeUserIDislike" and it works. There would be nothing keeping the user from winning in the case of the hash table, it just prevents the user from calling the "win" sub directly; Only the script can call that subroutine so the user must satisfy all the win conditions before they win. -- Grant me the wisdom to shut my mouth when I don't know what I'm talking about.	[reply]

Replies are listed 'Best First'.

Re^8: Naming Subs
by Ionizor (Pilgrim) on Jan 13, 2003 at 21:34 UTC

I believe the point he's trying to make is that you have to explicitly disallow subroutines that you don't want the user to be able to access directly from the interface. With the hash based inplementation, you have to explicitly allow a user to call a sub directly from the interface. Generally, a whitelist is much easier to maintain than a blacklist, with fewer reprecussions if you make an error when adding or deleting subs (i.e. if you forget to allow a sub the user needs it is less of a problem than if you forget to disallow a potentially dangerous sub). Consider what happens if the user types in "delete_user_by_name SomeUserIDislike" and it works.

There would be nothing keeping the user from winning in the case of the hash table, it just prevents the user from calling the "win" sub directly; Only the script can call that subroutine so the user must satisfy all the win conditions before they win.

--
Grant me the wisdom to shut my mouth when I don't know what I'm talking about.

[reply]