[cap-talk] David Wagner's Google techtalk is now up!
Ben Laurie
benl at google.com
Wed Dec 12 17:27:02 EST 2007
On Dec 12, 2007 2:04 PM, Mathieu Suen <mathieusuen at yahoo.fr> wrote:
>
> On Dec 12, 2007, at 10:35 PM, Ben Laurie wrote:
>
> > On Dec 12, 2007 12:39 PM, Mathieu Suen <mathieusuen at yahoo.fr> wrote:
> >> Thanks a lot for your answer.
> >> In fact I mess up with strong typing and static typing.
> >> I have an other question in mind:
> >>
> >> Can we use Java Interface as Capability?
> >>
> >> Than for method instead of declaring a class for a return type we
> >> simply return an interface.
> >> And it is the same for all other things. We only declare variable
> >> with
> >> an Interace.
> >>
> >> I am also interest why you say that there are some reason to prefer
> >> static typing?
> >
> > One obvious reason to prefer static typing is that violations are
> > detected at compile time.
>
>
> What kind of violation?
>
> For me it seem that most kind of violation that static type detect at
> compile time is also detect when you test you software with
> dynamically type language.
Only if I manage to actually run the offending piece of code. Do you
have 100% test coverage?
>
>
> >
> >
> >>
> >> Thanks
> >>
> >>
> >> On Dec 12, 2007, at 6:22 PM, David Wagner wrote:
> >>
> >>> Mth writes:
> >>>> I am a bit new to security model so sorry if my question seems
> >>>> stupid.
> >>>> In his talk David Wagner say that strongly type system like Java
> >>>> ensure some security.
> >>>> But why?
> >>>> In what dynamically type system is weaker?
> >>>
> >>> The important thing for security is that Java is strongly typed.
> >>> Whether it is statically typed or dynamically typed is less
> >>> important
> >>> for the security objectives under discussion here.
> >>> (Strong typechecking can be implemented statically or dynamically.)
> >>> In Java, the strong typechecking is what provides encapsulation
> >>> (clients can't peek at or tamper with the private data of other
> >>> objects) and unforgeability of capabilities (strong typechecking
> >>> means
> >>> that you can't forge a reference out of whole cloth, and since in
> >>> our system a capability is just a reference, that's what we need).
> >>>
> >>> There are some second-order reasons why one might prefer static
> >>> typing or dynamic typing but to my mind they are secondary compared
> >>> to the above considerations. The object capability paradigm is
> >>> compatible with both statically checked and dynamically checked
> >>> languages. Joe-E is an example of the former; E is an example of
> >>> the latter.
> >>> _______________________________________________
> >>> cap-talk mailing list
> >>> cap-talk at mail.eros-os.org
> >>> http://www.eros-os.org/mailman/listinfo/cap-talk
> >>>
> >>
> >> Mth
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> ___________________________________________________________________________
> >> Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et
> >> son interface révolutionnaire.
> >> http://fr.mail.yahoo.com
> >>
> >> _______________________________________________
> >> cap-talk mailing list
> >> cap-talk at mail.eros-os.org
> >> http://www.eros-os.org/mailman/listinfo/cap-talk
> >>
> >>
> >
> > _______________________________________________
> > cap-talk mailing list
> > cap-talk at mail.eros-os.org
> > http://www.eros-os.org/mailman/listinfo/cap-talk
> >
>
> Mth
>
>
>
>
>
>
>
>
> ___________________________________________________________________________
> Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.
> http://fr.mail.yahoo.com
>
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>
More information about the cap-talk
mailing list