On Scope And Prototype Security

Andrea Giammarchi andrea.giammarchi at gmail.com
Tue Mar 19 13:53:34 PDT 2013


Traits are not private classes; they are constant overwrites, or the equivalent
of Object.create(Object.prototype, instanceDescriptors), which does not
allow runtime modification of all instances at once, so it does not make
state machines easy and secure to develop via JS.

Is there any mechanism in any future specs that does **not** let
Object.getPrototypeOf(object) return the prototype, and returns null instead?

Object.hidePrototypeOf(object)

I believe not; that's why I raised the question in the first place.

thanks

On Tue, Mar 19, 2013 at 1:41 PM, Brendan Eich <brendan at mozilla.com> wrote:

> Andrea Giammarchi wrote:
>
>> so is __parent__ ... in the Mozilla world, not in every browser.
>>
>
> That's irrelevant and also it was never writable.
>
>
>> So your point is that __proto__ is a good thing, I guess; I thought it was
>> rather a mistake.
>>
>
> I didn't say that. I just said it is old.
>
>
>> Moreover, I am talking about the standard Object.getPrototypeOf(), which
>> has been introduced recently, not in 1998, and there's no mechanism to
>> prevent it from returning the prototype.
>>
>
> SES and similar "prepared environment" dialects can and do handle things
> like Object.getPrototypeOf (and __proto__).
>
>
>> I understand now security is highly subjective here and private classes
>> should not exist in a programming language.
>>
>
> No one said private classes should not exist. David mentioned traits. ES5
> provides tools for high-integrity abstractions. See http://traitsjs.org/.
>
> /be
>
>
>> Again, **good to know**
>>
>>
>> On Tue, Mar 19, 2013 at 1:13 PM, Brendan Eich <brendan at mozilla.com> wrote:
>>
>>     Andrea Giammarchi wrote:
>>
>>         It is not possible to secure or make a class hidden, it was
>>         possible before the introduction of __proto__ and
>>         Object.getPrototypeOf in ES3, now this is gone, and this was
>>         my security concern.
>>         ...
>>
>>         Again, it was possible, now it's not possible anymore.
>>
>>
>>     By "anymore" you mean since 1998 or so? __proto__ is very old.
>>
>>     /be
>>
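The following is an added example, written for this archive page; it is not code from the thread, from SES, or from traitsjs.org. It assumes ES2015+ features (WeakSet, Reflect, class) that were not yet standard when this message was sent, and the names makeCounter, prepareEnvironment, hide and Secret are my own. It shows the two approaches the thread contrasts: instances built from Object.create(Object.prototype, instanceDescriptors), which have nothing class-specific for Object.getPrototypeOf to reveal but also no shared object to patch at runtime, and a minimal "prepared environment" in the SES spirit that makes Object.getPrototypeOf, Reflect.getPrototypeOf and the __proto__ accessor report null for registered objects. It then shows why that is not the same as a hidden class: the prototype chain is still there, and `in`, isPrototypeOf and instanceof still observe it.

```javascript
'use strict';

// Added example (not code from the thread, SES, or traitsjs.org).
// Assumes ES2015+: WeakSet, Reflect, class. All names below are my own.

// --- 1. Per-instance descriptors -----------------------------------------
// Object.create(Object.prototype, descriptors) gives each instance its own
// methods, so getPrototypeOf reveals only Object.prototype. The cost noted in
// the thread: there is no shared object to patch, so "all instances at once"
// updates are impossible; each instance has to be changed on its own.
function makeCounter(start) {
  let count = start;                                   // closure-private state
  return Object.create(Object.prototype, {
    next: { value: () => ++count, enumerable: false }, // own, non-enumerable method
  });
}

// --- 2. Prepared environment -----------------------------------------------
// Objects registered here report a null prototype through the reflective
// entry points. This must run before any untrusted code, and the originals
// must not be reachable afterwards (a real SES setup also freezes primordials).
const hidden = new WeakSet();
const rawGetPrototypeOf = Object.getPrototypeOf;
const rawProtoAccessor = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
let prepared = false;

function hidingGetPrototypeOf(o) {
  return hidden.has(o) ? null : rawGetPrototypeOf(o);
}

function prepareEnvironment() {
  if (prepared) return;          // idempotent: the properties are non-configurable after the first run
  prepared = true;
  for (const host of [Object, Reflect]) {
    Object.defineProperty(host, 'getPrototypeOf', {
      value: hidingGetPrototypeOf, writable: false, configurable: false,
    });
  }
  // The legacy accessor is a second path to the same information.
  Object.defineProperty(Object.prototype, '__proto__', {
    get() { return hidingGetPrototypeOf(this); },
    set: rawProtoAccessor.set,
    configurable: false,
  });
}

function hide(o) {
  hidden.add(o);
  return o;
}

// --- Demonstration ----------------------------------------------------------
class Secret {
  reveal() { return 'secret'; }
}

function demo() {
  prepareEnvironment();
  const s = hide(new Secret());
  const c = makeCounter(0);
  return {
    // The reflective entry points now answer null for the hidden instance...
    viaGetPrototypeOf: Object.getPrototypeOf(s),       // null
    viaReflect: Reflect.getPrototypeOf(s),             // null
    viaLegacyAccessor: s.__proto__,                    // null
    // ...but the chain is intact, and anything that walks it internally still
    // sees it. These are the leaks a hypothetical hidePrototypeOf would not close.
    inheritedMethodVisible: 'reveal' in s && !Object.prototype.hasOwnProperty.call(s, 'reveal'), // true
    isPrototypeOfLeak: Object.prototype.isPrototypeOf.call(Secret.prototype, s),                // true
    instanceofLeak: s instanceof Secret,               // true
    // The descriptor-built instance has nothing class-specific to reveal.
    counterProtoIsObject: Object.getPrototypeOf(c) === Object.prototype, // true
    counterWorks: c.next() === 1 && c.next() === 2,    // true
    // Objects that were not registered are unaffected by the wrappers.
    unhiddenUnaffected: Object.getPrototypeOf(new Secret()) === Secret.prototype, // true
  };
}
```

Call prepareEnvironment() before loading untrusted code and keep the original functions unreachable; a real SES environment additionally freezes the primordials so these replacements cannot be undone. Because the chain itself is untouched, this hides only the identity of the prototype, and only from code that holds no other reference to it; property lookup, isPrototypeOf and instanceof go through the internal [[GetPrototypeOf]] and are not affected.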
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130319/814299a2/attachment.html>