in reply to Re: Restricted' data, a clarification
in thread 'Restricted' data, an additional security mechanism for Perl.

I could be missing some of the finer points, but essentially my point is "a lock is no good if the key is under the door mat". It seems the key is under the door mat.
It's not a lock. It's not intended to prevent malice. A programmer could always remove the 'restrict' calls, or add calls so as to allow sensitive data to go out on evil channels.

Tainting isn't a lock either. "use strict;" isn't a lock. Nor is "use warnings;". They are like safety belts. Those aren't locks either. They help you avoid doing damage.

Abigail

Re: Re: Restricted' data, a clarification
by flyingmoose (Priest) on Feb 12, 2004 at 17:51 UTC

    Fair enough. Safety belts are good. I understand now.

    But if I may, I'd like to polish up the API quite a bit. This should be equivalent in goal and allows for the restricting code to be given by the restrictor, not the one using the restricted data. So this is much more safe and allows for writing the protection routine only once.

    May I suggest:

    use Restricted;
    RESTRICT $creditCard, sub { someMangling($_); };
    print $creditCard;              # only shows last four
    print UNRESTRICT($creditCard);  # prints whole number
    print $creditCard;              # var is restricted here as well
    AND also (if you want death) you have choices:
    use Restricted;
    RESTRICT $creditCard, sub { die "locked variable!" };
    print $creditCard;              # KABOOM!
    print UNRESTRICT($creditCard);  # OK

    Seems much more straightforward as an API to me. I could live with (and actually like and use) this interface. Needs to be extended to support non-scalar data structures though, but I suppose restricting references would serve appropriately.

    Comments?
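One way the proposed RESTRICT/UNRESTRICT interface could be built on Perl's tie mechanism, as an added example that is not code from the thread or from any Restricted module (the package name Restricted::Scalar, the body of someMangling and the sample card number are assumptions of this illustration):

```perl
# Added example: the restrictor supplies the filter once; every ordinary
# read of the variable passes through it, and UNRESTRICT is the only way
# back to the raw value. Package/function names are assumptions.
package Restricted::Scalar;
use strict;
use warnings;

sub TIESCALAR {
    my ($class, $value, $filter) = @_;
    return bless { value => $value, filter => $filter }, $class;
}

# Ordinary reads (print, interpolation, ...) go through the filter,
# which receives the raw value in $_ as in the thread's examples.
sub FETCH {
    my $self = shift;
    local $_ = $self->{value};
    return $self->{filter}->($_);
}

# Writes replace the raw value but keep the restriction attached.
sub STORE { $_[0]{value} = $_[1] }

sub RAW { $_[0]{value} }   # explicit escape hatch used by UNRESTRICT

package main;
use strict;
use warnings;

# @_ aliases the caller's variable, so tying $_[0] ties that variable.
sub RESTRICT   { my $raw = $_[0]; tie $_[0], 'Restricted::Scalar', $raw, $_[1] }
sub UNRESTRICT { my $obj = tied $_[0]; return defined $obj ? $obj->RAW : $_[0] }

# Assumed masking routine: keep only the last four digits.
sub someMangling { my $n = shift; return ('*' x (length($n) - 4)) . substr($n, -4) }

my $creditCard = '4111111111111111';          # constructed sample value
RESTRICT $creditCard, sub { someMangling($_) };
print "$creditCard\n";                         # ************1111
print UNRESTRICT($creditCard), "\n";           # 4111111111111111
print "$creditCard\n";                         # still masked afterwards

# The "if you want death" variant: any unfiltered read dies.
my $secret = 'hunter2';                        # constructed sample value
RESTRICT $secret, sub { die "locked variable!" };
my $shown = eval { "$secret" };
print defined $shown ? "$shown\n" : "read blocked: $@";
print UNRESTRICT($secret), "\n";               # hunter2
```

Because the raw value stays reachable through tied(), this is a safety belt in Abigail's sense: it catches an accidental print or log line, not a programmer who sets out to read the value.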