On Scope And Prototype Security

Andrea Giammarchi andrea.giammarchi at gmail.com
Sun Mar 17 10:09:36 PDT 2013


My concern is about being unable to let "anyone" retrieve that property,
for introspection or to pollute it or change it being able to make my
private constructor insecure.
In the example there but in other situations I cannot freeze the prototype
and yet I cannot hide it from outside in a meaningful way.

AFAICT it looks like "just introspection" for something able to make
private classes basically impossible is not a security concern so thanks
for your answer, now I know there's no way to have that behavior now,
neither tomorrow (so, long story short: good to know)

br


On Sun, Mar 17, 2013 at 8:02 AM, David Bruant <bruant.d at gmail.com> wrote:

> Hi Andrea,
>
> I'm really having a hard time understanding where the security issue is
> here.
> From what I understand, you've properly hidden the "Private" constructor.
> I am not surprised if code can reach the [[Prototype]] of an instance and
> I wouldn't consider that a flaw. I would consider that the [[Prototype]] is
> part of the object and accessing the [[Prototype]] is like accessing a
> property or the [[Class]], it's just introspection.
>
> David
>
> On 17/03/2013 03:04, Andrea Giammarchi wrote:
>
>> That conversation on `fn.caller` left me many doubts about extra things
>> too.
>>
>> As an example, I understand the fact that a function that does not want to be
>> accessed should not be accessed when any accepted object could be tweaked
>> to retrieve it via caller, that's OK, but what about private "classes" and
>> the fact there's no way to ensure them private?
>>
>> Despite the sense, the good and the bad, this is perfectly valid JS code:
>>
>> var myNameSpace = function () {
>>
>>   var queue = [];
>>
>>   function Private() {
>>     this.init();
>>   }
>>
>>   function initBeforeDOM() {
>>     queue.push(this);
>>   }
>>
>>   function initAfterDOM() {
>>     // do stuff
>>   }
>>
>>   Private.prototype.init = initBeforeDOM;
>>   window.addEventListener('DOMContentLoaded', function(){
>>     Private.prototype.init = initAfterDOM;
>>     queue.forEach(function (instance) {
>>       initAfterDOM.call(instance);
>>     });
>>   });
>>
>>   // trying to make Private inaccessible
>>   Object.defineProperty(
>>     Private.prototype,
>>     'constructor',
>>     {value: Object,
>>      enumerable:false,
>>      writable:false,
>>      configurable:false}
>>   );
>>
>>   return {
>>     generate: function () {
>>       return new Private;
>>     }
>>   };
>> }();
>>
>> var o = myNameSpace.generate();
>> var proto = Object.getPrototypeOf(o);
>> alert(proto.constructor);
>> alert(proto.init);
>>
>> Above code is also based on a few concepts I always found cool about JS
>> like the possibility to mutate all objects at once through the prototype,
>> usually considered a bad practice, but technically the
>> best/fastest/memory-safe way we have in JS to create state machines
>> behaviors through distributed instances so ... **way too cool**
>>
>> Well, I've got a problem, even if the constructor might be unreachable,
>> there is something I cannot secure at all which is the constructor
>> prototype.
>>
>> Not a single mechanism, in current JS, lets me make a prototype safe from
>> operations, potentially nasty and disastrous, as
>> `Object.getPrototypeOf(generic)` is.
>>
>> Thoughts? Thanks.
>>
>
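
An added example, not part of either message: the posted pattern beside a variant that freezes the prototype and moves the before/after switch into closure state, so code that reaches the prototype through `Object.getPrototypeOf` can still read it but cannot replace `init`. It applies only where the prototype can be frozen. `makeExposed`, `makeHardened`, `markReady` and `tamper` are hypothetical names, and `markReady` stands in for the `DOMContentLoaded` listener.

```javascript
// Added example, not code from the thread. makeExposed mirrors the posted
// pattern (behaviour lives in a writable Private.prototype.init);
// makeHardened keeps the swap in closure state behind a frozen prototype.
'use strict';

function makeExposed() {
  const queue = [];
  function Private() { this.init(); }
  Private.prototype.init = function initBefore() { queue.push(this); };
  return {
    generate: () => new Private(),
    queued: () => queue.length,
  };
}

function makeHardened() {
  const queue = [];
  let ready = false;               // closure state, unreachable from outside
  function initAfter(instance) { instance.initialised = true; }
  function Private() { this.init(); }
  Private.prototype.init = function init() {
    if (ready) initAfter(this); else queue.push(this);
  };
  // Drop the link back to the constructor, then lock the prototype.
  Object.defineProperty(Private.prototype, 'constructor', { value: Object });
  Object.freeze(Private.prototype);
  return {
    generate: () => new Private(),
    queued: () => queue.length,
    // Hypothetical stand-in for the DOMContentLoaded listener.
    markReady() {
      ready = true;
      queue.splice(0).forEach(initAfter);
    },
  };
}

// What outside code can do with only an instance in hand.
function tamper(ns) {
  const proto = Object.getPrototypeOf(ns.generate());
  try {
    proto.init = function hijacked() { this.hijacked = true; };
  } catch (e) { /* TypeError: frozen prototype in strict mode */ }
  return ns.generate().hijacked === true;
}
```

The prototype stays reachable in both variants; only the frozen one keeps later instances on the intended `init`.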