[E-Lang] Reliance & Static Security Checking
Tue, 2 Jan 2001 10:00:49 -0800
> -----Original Message-----
> From: Ben Laurie [mailto:email@example.com]
> Sent: Tuesday, January 02, 2001 8:57 AM
> To: Karp, Alan
> Cc: Mark S. Miller; E Language Discussions
> Subject: Re: [E-Lang] Reliance & Static Security Checking
> I'm sure this is obvious to everyone, but this is rather like Perl's
> "tainting" mechanism. Just thought I'd mention it.
Where do you think I stole the idea from?
> A parallel idea, but not the same one, IMO. The idea behind "rely" was
> that if A relies on B, then A's security is dependent on B's correct
> functioning (and security). In your example A would simply throw a
> run-time error which would not (normally) compromise security.
With regards to security, A relies on B implies that B verifies the
capabilities; A suspects B implies that A does the checking.
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278