direct_proxies "problem"

Nathan Wall nathan.wall at live.com
Sat Jan 12 16:27:57 PST 2013


> I'm still reluctant to give up on the unknownPrivateSymbol trap, because
> doing so means giving up on mediation for one case.
> In this case, we were able to capture every single private symbol passed
> back and forth, but in another situation, maybe we didn't create A and B.
> Someone else created them and just shared with each the same private
> symbol and then handed off access to A and B so you can work with them.
> You share an object through a membrane, they cooperate to do what you
> ask them to (without using their shared secret), then, you'd like to cut
> the communication? You revoke the membranes. But sharing a common object
> (or a least different proxies to a common target) is all they need to
> continue communicate since they have a private symbol you're oblivious
> to, so they can still communicate.
> In that scenario, the only way to actually cut the communication is the
> unknownPrivateSymbol trap (admittedly, the scenario has been crafted to
> that end, but is realistic anyway)

Is this scenario unique to private symbols? Can't I replace the word "private symbol" in your scenario above with "WeakMap" (or really just any object) and you have the same problem?

If A and B are created by someone else, and both A and B are given a shared WeakMap and then they are passed off to a membrane which tries to cut communication, can't A and B continue to communicate behind the scenes through their shared WeakMap?

I think if A and B are known directly to anyone before the membrane, they can build a backdoor to communicate, `unknownPrivateSymbol` trap or not.

Nathan 		 	   		  


More information about the es-discuss mailing list