direct_proxies "problem"

Nathan Wall nathan.wall at live.com
Sat Jan 12 15:09:37 PST 2013


hmm.. I just realized that B doesn't have direct access to O. So even if B does have access to M, trying to get N from P[M] would expose N to the membrane.

So perhaps I don't understand your original dilemma?

(Forgive me if I'm making you repeat past discussions for my sake. It's not my intention to just make you explain things to me that the rest of the list already understands.)

Nathan


> Here's how I'm imagining it: So if A shares object O with B, the membrane may wrap O in proxy P. O may have a private symbol properties M and N, where the property for symbol M actually points to symbol N:
>
> let O = { },
> M = new Symbol(true/* private */),
> N = new Symbol(true/* private */);
> O[M] = N;
> O[N] = null;
>
> When A shares O with B, the membrane will not be able to see either one of these symbols.
>
> Let's assume no `unknownPrivateSymbol` trap.
>
> The objects cannot yet communicate without the membrane knowing because B does not know O's private symbols.
>
> Later if A shares private symbol M with B, the membrane will intercept the symbol and add it to the whitelist before passing it along. Now the membrane knows about M but it can only learn about N by searching all previous communications for M. The membrane could in theory discover N by searching previous communications for M and finding N in O. I agree with you though that this is a pretty huge overhead for the membrane to have to do, so let's look for another way.
>
> If the membrane fails to search O for M, then B can discover N under-the-hood -- that is, B gets access to a private symbol that the membrane doesn't have on its whitelist.
>
> However, what if the membrane, instead of passing along M, creates a new private symbol M2, and this is the actual symbol shared with B. Now if B checks O for property M2 it will not be able to uncover the symbol N. The membrane adds M2 to its whitelist and anytime B tries to send M2 back to A, the membrane converts it to M (and vice versa). Therefore, A always sees only symbol M and B always sees only symbol M2.
>
> Does this work and allow us to do without `unknownPrivateSymbol`?
>
> (An even easier alternative is that the membrane could prevent sharing private symbols.)
>
> Nathan
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss 		 	   		  


More information about the es-discuss mailing list