Private symbols auto-unwrapping proxies (was: Security Demands Simplicity (was: Private Slots))

Brandon Benvie brandon at brandonbenvie.com
Mon Jan 28 23:27:49 PST 2013


I realized the discrepancy between my thinking and what you said. In the
case of a membrane, you are correct. A membrane will always unwrap
everything, so you will only ever end up with dry method/dry this. That
makes all the different forms of private equivalent. The difference arises
when you're not dealing with a membrane, rather just a one shot proxy. In
this case, you often do end up with (to borrow membrane the membrane
terminology) dry method/wet this. this is the specific circumstance (and
I believe the likely most commonly encountered one) in which auto-unwrapped
private symbols do the right thing when the other private forms fail to
work correctly.

On Monday, January 28, 2013, Mark S. Miller wrote:

> So the corresponding WeakMap situation would be one where the WeakMap o2
> is never passed through the membrane, so there is no p2 on the other side
> of the membrane. In that scenario, AFAICT PrivateSymbol proposal #1, #2,
> and WeakMaps are all equivalent. Not so?
>
>
> On Mon, Jan 28, 2013 at 4:19 PM, Brandon Benvie <brandon at brandonbenvie.com<javascript:_e({}, 'cvml', 'brandon at brandonbenvie.com');>
> > wrote:
>
>> The assumption that my conclusion on auto-unwrapping rests on is that the
>> situation shouldn't arise where a wet value is set as a dry object's
>> private property. The reasoning is that the private key is presumed to be
>> something closely guarded and that won't be shared in such a way that this
>> happens. This assumption is the underpinning of the whole thing, so it's
>> the real point of contention.
>>
>
>
>
> --
>     Cheers,
>     --MarkM
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130129/bc7650f2/attachment.html>


More information about the es-discuss mailing list