One-time .public

Herby Vojčík herby at mailbox.sk
Sat Dec 17 10:14:14 PST 2011


Errata: I meant "withOUT re-generating it", so it can do the comparision.

-----Pôvodná správa----- 
From: Herby Vojčík
Sent: Saturday, December 17, 2011 7:03 PM
To: es-discuss at mozilla.org
Subject: One-time .public

Hello,

I saw some concerns about security of name.public and possible leak of
correspondence between public and its name. Maybe it can be solved by simple
trick (though it will have some implication of certain parts of code). That
is, each time name.public is read, _new_ object will be created (with the
same propoerties as today's public object has); plus, there will be
name.correspondsTo(public) API which would check if the public element is
equal to the present value of .public (with re-generating it).
                                       ^^^ here's the typo ^^^

So the .public value will be short-lived - 1. it is read 2. passed to the
proxy 3. it must be checked by .correspondsTo API in proxy asap.
In the long run, it's value will be useless since in every invocation, new
.public value will be generated. But the code must be written with this in
mind and should not keep the value to use it later, since it may be
invalidated.

Herby

_______________________________________________
es-discuss mailing list
es-discuss at mozilla.org
https://mail.mozilla.org/listinfo/es-discuss 



More information about the es-discuss mailing list