On Scope And Prototype Security

Andrea Giammarchi andrea.giammarchi at gmail.com
Tue Mar 19 13:54:13 PDT 2013


"does not allow runtime modification of all instances at once" meant
through inheritance, through the proto, and its methods ...


On Tue, Mar 19, 2013 at 1:53 PM, Andrea Giammarchi <andrea.giammarchi at gmail.com> wrote:

> traits are not private classes; they are constant overwrites or the equivalent
> of Object.create(Object.prototype, instanceDescriptors), which does not
> allow runtime modification of all instances at once, so it does not make
> state-machines easy and secure to develop via JS.
>
> Is there any mechanism in any future specs that does **not** let
> Object.getPrototypeOf(object) return the prototype and returns null instead?
>
> Object.hidePrototypeOf(object)
>
> I believe no, that's why I've raised the question in the first place.
>
> thanks
>
> On Tue, Mar 19, 2013 at 1:41 PM, Brendan Eich <brendan at mozilla.com> wrote:
>
>> Andrea Giammarchi wrote:
>>
>>> so is __parent__ ... in the Mozilla world, not in every browser.
>>>
>>
>> That's irrelevant and also it was never writable.
>>
>>> So your point is that __proto__ is a good thing I guess, I thought it
>>> was rather a mistake.
>>>
>>
>> I didn't say that. I just said it is old.
>>
>>> Moreover, I am talking about the standard Object.getPrototypeOf() which
>>> has been introduced recently, not in 1998, and there's no mechanism to
>>> prevent it from returning the prototype.
>>>
>>
>> SES and similar "prepared environment" dialects can and do handle things
>> like Object.getPrototypeOf (and __proto__).
>>
>>> I understand now security is highly subjective here and private classes
>>> should not exist in a programming language.
>>>
>>
>> No one said private classes should not exist. David mentioned traits. ES5
>> provides tools for high-integrity abstractions. See http://traitsjs.org/.
>>
>> /be
>>
>>
>>> Again, **good to know**
>>>
>>> On Tue, Mar 19, 2013 at 1:13 PM, Brendan Eich <brendan at mozilla.com> wrote:
>>>
>>>     Andrea Giammarchi wrote:
>>>
>>>         It is not possible to secure or make a class hidden, it was
>>>         possible before the introduction of __proto__ and
>>>         Object.getPrototypeOf in ES3, now this is gone, and this was
>>>         my security concern.
>>>         ...
>>>
>>>         Again, it was possible, now it's not possible anymore.
>>>
>>>
>>>     By "anymore" you mean since 1998 or so? __proto__ is very old.
>>>
>>>     /be
>
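The three claims argued over in this thread can be checked directly. The block below is an added example, not code from the thread or from any project it mentions: (1) Object.getPrototypeOf hands out the shared prototype, so patching it changes every instance at once; (2) the ES5 tools Brendan points to (Object.freeze plus closure-held state) keep the prototype visible but make that patch harmless; (3) the Object.hidePrototypeOf that Andrea asks about does not exist, but the hypothetical helper `hidePrototypeOf` approximates it with an ES2015 Proxy, which postdates the thread, and the example shows what hiding the prototype from Object.getPrototypeOf does and does not change. All function names are this example's own.

```javascript
// Added example (not from the es-discuss thread). Run with node.

// --- 1. An ordinary prototype-based "class". ---
function makeOpenCounter() {
  function Counter() { this.n = 0; }
  Counter.prototype.inc = function () { this.n += 1; return this.n; };
  return Counter;
}

// Reaching the shared prototype through any instance and patching it changes
// behaviour for every instance at once: the "runtime modification of all
// instances" the thread is about.
function patchViaPrototype() {
  const Counter = makeOpenCounter();
  const a = new Counter();
  const b = new Counter();
  const proto = Object.getPrototypeOf(a);          // === Counter.prototype
  proto.inc = function () { this.n += 100; return this.n; };
  return { sameProto: proto === Counter.prototype, a: a.inc(), b: b.inc() };
}

// --- 2. ES5 high-integrity style: frozen prototype, state held in a closure. ---
function makeHardenedCounter() {
  // Counts live in a WeakMap closed over by the methods, not as own
  // properties, so seeing the prototype reveals nothing about the state.
  const counts = new WeakMap();
  function Counter() { counts.set(this, 0); Object.freeze(this); }
  Counter.prototype.inc = function () {
    const n = counts.get(this) + 1;
    counts.set(this, n);
    return n;
  };
  Object.freeze(Counter.prototype);
  Object.freeze(Counter);
  return Counter;
}

// The prototype is still visible, but the patch that worked above is now
// rejected: a TypeError in strict mode, silently ignored in sloppy mode,
// and in both cases the method is unchanged.
function patchFails() {
  const Counter = makeHardenedCounter();
  const a = new Counter();
  const proto = Object.getPrototypeOf(a);
  const original = proto.inc;
  try {
    proto.inc = function () { return 100; };
  } catch (e) {
    if (!(e instanceof TypeError)) throw e;
  }
  return {
    frozen: Object.isFrozen(proto),
    unchanged: proto.inc === original,
    first: a.inc(),
    second: a.inc(),
  };
}

// --- 3. Approximating the requested Object.hidePrototypeOf with a Proxy. ---
// The getPrototypeOf trap may return null as long as the target is extensible.
// Assumption: the caller hands out the proxy and keeps the real object private.
function hidePrototypeOf(obj) {
  return new Proxy(obj, {
    getPrototypeOf() { return null; },
    setPrototypeOf() { return false; },
  });
}

// Hiding the prototype changes what reflection and instanceof report, but
// property lookups on the proxy still fall through to the hidden prototype,
// so the object keeps working and its methods are still reachable.
function hiddenButWorking() {
  const Counter = makeOpenCounter();
  const real = new Counter();
  const hidden = hidePrototypeOf(real);
  return {
    visible: Object.getPrototypeOf(real) === Counter.prototype, // true
    hidden: Object.getPrototypeOf(hidden),                      // null
    dunder: hidden.__proto__,                                   // null too
    isInstance: hidden instanceof Counter,                      // false
    stillWorks: hidden.inc(),                                   // 1
  };
}
```

The third part is the practical caveat behind Brendan's answer: returning null from Object.getPrototypeOf hides a name, not a capability. Anyone who can call `hidden.inc()` still runs the prototype's method, so integrity comes from freezing the prototype and keeping state in closures (part 2), not from concealing the prototype object.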