[E-Lang] Re: Java 2 "Security"
Tue, 02 Jan 2001 15:00:56 -0800
At 01:02 PM 1/2/01 -0700, Marc Stiegler wrote:
>In my admittedly limited practical experiences, I actually haven't found
>much need for stack-frame-based revocation. Once you've given an object a
>power, there is generally no new security issue raised in allowing the
>object to keep the power--not until you are about to grant the object
>yet-another-power: you may not trust the object with both powers at the same
>time even though you trust it with either one by itself (the ability to read
>confidential data and the ability to connect to the Internet, for example).
>So the E machinery allows the following pattern, which stack frame control
>#and so on
You do have to worry about:
[poweruser saves confidential data]
[poweruser passes confidential data to revokable3]
#and so on
>From a security prospective, it is better not to reuse objects this way.