[E-Lang] Reliance & Static Security Checking

Karp, Alan alan_karp@hp.com
Tue, 2 Jan 2001 10:00:49 -0800

> -----Original Message-----
> From: Ben Laurie [mailto:ben@algroup.co.uk]
> Sent: Tuesday, January 02, 2001 8:57 AM
> To: Karp, Alan
> Cc: Mark S. Miller; E Language Discussions
> Subject: Re: [E-Lang] Reliance & Static Security Checking
> I'm sure this is obvious to everyone, but this is rather like Perl's
> "tainting" mechanism. Just thought I'd mention it.

Where do you think I stole the idea from?

> A parallel idea, but not the same one, IMO. The idea behind "rely" was
> that if A relies on B, then A's security is dependent on B's correct
> functioning (and security). In your example A would simply throw a
> run-time error which would not (normally) compromise security.

With regards to security, A relies on B implies that B verifies the
capabilities; A suspects B implies that A does the checking.

Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278