On Scope And Prototype Security

Andrea Giammarchi andrea.giammarchi at gmail.com
Tue Mar 19 14:06:48 PDT 2013


this is probably going to be easier .. let's see if somebody can understand
what I mean:

var public = (function(){
  var private = {
    // everything I know about security in ES
    // is that everything able to access
    // the private scopes has been removed...
    // Here I have my own, private, object
    // and nobody out there should be able to reach it.
    // but it's impossible to grant such achievement
    // if the instance is used through inheritance
    // so that outside there could be simply puppets
    // all of them managed behind the scene
  };
  return Object.freeze(
    Object.create(private)
  );
}());


alert(public.test); // undefined

// why I cannot avoid this? I'd **LOVE** to!
Object.getPrototypeOf(public).test = 123;

alert(public.test); // 123

I hope this is more clear now but feel free to ask more.

Best Regards


On Tue, Mar 19, 2013 at 1:54 PM, Andrea Giammarchi <
andrea.giammarchi at gmail.com> wrote:

> "does not allow runtime modification of all instances at once" meant
> through inheritance, through the proto, and its methods ...
>
>
> On Tue, Mar 19, 2013 at 1:53 PM, Andrea Giammarchi <
> andrea.giammarchi at gmail.com> wrote:
>
>> traits are not private classes, are constant overwrites or the equivalent
>> of Object.create(Object.prototype, instanceDescriptors); which does not
>> allow runtime modification of all instances at once so it does not make
>> state-machines easy and secure to develop via JS.
>>
>> Is there any mechanism in any future specs that does **not** let
>> Object.getPrototypeOf(object) return the prototype and return null instead ?
>>
>> Object.hidePrototypeOf(object)
>>
>> I believe no, that's why I've raised the question in the first place.
>>
>> thanks
>>
>>
>>
>>
>>
>> On Tue, Mar 19, 2013 at 1:41 PM, Brendan Eich <brendan at mozilla.com> wrote:
>>
>>> Andrea Giammarchi wrote:
>>>
>>>> so is __parent__ ... in the Mozilla world, not in every browser.
>>>>
>>>
>>> That's irrelevant and also it was never writable.
>>>
>>>
>>>> So your point is that __proto__ is a good thing I guess, I thought it
>>>> was rather a mistake.
>>>>
>>>
>>> I didn't say that. I just said it is old.
>>>
>>>
>>>> Moreover, I am talking about the standard Object.getPrototypeOf() which
>>>> has been introduced recently, not in 1998, and there's no mechanism to
>>>> prevent it from returning the prototype.
>>>>
>>>
>>> SES and similar "prepared environment" dialects can and do handle things
>>> like Object.getPrototypeOf (and __proto__).
>>>
>>>
>>>> I understand now security is highly subjective here and private classes
>>>> should not exist in a programming language.
>>>>
>>>
>>> No one said private classes should not exist. David mentioned traits.
>>> ES5 provides tools for high-integrity abstractions. See
>>> http://traitsjs.org/.
>>>
>>> /be
>>>
>>>
>>>> Again, **good to know**
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Mar 19, 2013 at 1:13 PM, Brendan Eich <brendan at mozilla.com> wrote:
>>>>
>>>>     Andrea Giammarchi wrote:
>>>>
>>>>         It is not possible to secure or make a class hidden, it was
>>>>         possible before the introduction of __proto__ and
>>>>         Object.getPrototypeOf in ES3, now this is gone, and this was
>>>>         my security concern.
>>>>         ...
>>>>
>>>>         Again, it was possible, now it's not possible anymore.
>>>>
>>>>
>>>>     By "anymore" you mean since 1998 or so? __proto__ is very old.
>>>>
>>>>     /be
>>>>
>>>>
>>>>
>>
>
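
Added example, not part of the original thread: the frozen-instance pattern from the message above, next to one arrangement in which the shared state stays in a closure, the prototype is frozen, and only the owner can change all instances at once. The names makeLeaky, makeGuarded, setMode and prototypeIsTamperable are hypothetical.

```javascript
// Added example; all names here are hypothetical, not from the thread.

// Pattern from the message: a frozen instance inheriting from a "private"
// object. The instance is frozen, the object it inherits from is not.
function makeLeaky() {
  const hidden = { mode: 'idle' };
  return Object.freeze(Object.create(hidden));
}

// Alternative: shared state lives only in the closure. Instances are frozen,
// their prototype is frozen and holds no state, and methods delegate to the
// closure. Object.getPrototypeOf still returns the prototype, but there is
// nothing on it to change and nothing secret to read.
function makeGuarded() {
  const hidden = { mode: 'idle' };          // never leaves this scope
  const proto = Object.freeze({
    getMode() { return hidden.mode; }
  });
  return {
    create: () => Object.freeze(Object.create(proto)),
    // Owner-only handle: one call changes what every instance reports.
    setMode: (m) => { hidden.mode = m; }
  };
}

// Integrity check: can outside code alter what `obj` inherits for `key`?
function prototypeIsTamperable(obj, key) {
  const proto = Object.getPrototypeOf(obj);
  if (proto === null) return false;
  // Reflect.set returns false on a frozen target instead of throwing.
  const written = Reflect.set(proto, key, 'tampered');
  return written && obj[key] === 'tampered';
}
```

The owner must keep the object returned by makeGuarded to itself and hand out only what create() returns; anyone holding setMode can change every instance.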