On Scope And Prototype Security

Rick Waldron waldron.rick at gmail.com
Tue Mar 19 14:32:40 PDT 2013


On Tue, Mar 19, 2013 at 5:06 PM, Andrea Giammarchi <
andrea.giammarchi at gmail.com> wrote:

> this is probably going to be easier .. let's see if somebody can
> understand what I mean:
>
> var public = (function(){
>   var private = {
>     // everything I know about security in ES
>     // is that everything able to accesses
>     // the private scopes has been removed...
>     // Here I have my own, private, object
>     // and nobody out there should be reach it.
>      // but it's impossible to grant such achievement
>     // if the instance is used through inheritance
>     // so that outside there could be simply puppets
>     // all of them managed behind the scene
>   };
>   return Object.freeze(
>     Object.create(private)
>   );
> }());
>
>
> alert(public.test); // undefined
>
> // why I cannot avoid this? I'd **LOVE** to!
> Object.getPrototypeOf(public).test = 123;
>
> alert(public.test); // 123
>
> I hope this is more clear now but feel free to ask more.
>


If you avoid the strict mode future reserved words...

void function() {
  "use strict";
  var outer = (function(){
    var inner = {};

    Object.freeze(inner);

    return Object.freeze(
      Object.create(inner)
    );
  }());

  console.log(outer.test); // undefined

  // Throws a TypeError, indicating that the object is not extensible!
  Object.getPrototypeOf(outer).test = 123;

  console.log(outer.test); // undefined
}();


Rick



>
> Best Regards
>
>
> On Tue, Mar 19, 2013 at 1:54 PM, Andrea Giammarchi <
> andrea.giammarchi at gmail.com> wrote:
>
>> "does not allow runtime modification of all instances at once" meant
>> through inheritance, through the proto, and its methods ...
>>
>>
>> On Tue, Mar 19, 2013 at 1:53 PM, Andrea Giammarchi <
>> andrea.giammarchi at gmail.com> wrote:
>>
>>> traits are not private classes, are constant overwrites or the
>>> equivalent of Object.create(Object.prototype, instanceDescriptors); which
>>> does not allow runtime modification of all instances at once so it does not
>>> make state-machines easy and secure to develop via JS.
>>>
>>> Is there any mechanism in any future specs that does **not** let
>>> Object.getPrototypeOf(object) return the prototype and return null instead ?
>>>
>>> Object.hidePrototypeOf(object)
>>>
>>> I believe no, that's why I've raised the question in first place.
>>>
>>> thanks
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Mar 19, 2013 at 1:41 PM, Brendan Eich <brendan at mozilla.com>wrote:
>>>
>>>> Andrea Giammarchi wrote:
>>>>
>>>>> so is __parent__ ... in the Mozilla world, not in every browser.
>>>>>
>>>>
>>>> That's irrelevant and also it was never writable.
>>>>
>>>>
>>>>  So your point is that __proto__ is a good thing I guess, I thought it
>>>>> was rather a mistake.
>>>>>
>>>>
>>>> I didn't say that. I just said it is old.
>>>>
>>>>
>>>>  Moreover, I am talking about the standard Object.getPrototypeOf()
>>>>> which has been introduced recently, not in 1998, and there's no mechanism
>>>>> to prevent it to return the prototype.
>>>>>
>>>>
>>>> SES and similar "prepared environment" dialects can and do handle
>>>> things like Object.getPrototypeOf (and __proto__).
>>>>
>>>>
>>>>  I understand now security is highly subjective here and private
>>>>> classes should not exist in a programming language.
>>>>>
>>>>
>>>> No one said private classes should not exist. David mentioned traits.
>>>> ES5 provides tools for high-integrity abstractions. See
>>>> http://traitsjs.org/.
>>>>
>>>> /be
>>>>
>>>>
>>>>> Again, **good to know**
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Mar 19, 2013 at 1:13 PM, Brendan Eich <brendan at mozilla.com<mailto:
>>>>> brendan at mozilla.com>> wrote:
>>>>>
>>>>>     Andrea Giammarchi wrote:
>>>>>
>>>>>         It is not possible to secure or make a class hidden, it was
>>>>>         possible before the introduction of __proto__ and
>>>>>         Object.getPrototypeOf in ES3, now this is gone, and this was
>>>>>         my security concern.
>>>>>         ...
>>>>>
>>>>>         Again, it was possible, now it's not possible anymore.
>>>>>
>>>>>
>>>>>     By "anymore" you mean since 1998 or so? __proto__ is very old.
>>>>>
>>>>>     /be
>>>>>
>>>>>
>>>>>
>>>
>>
>
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130319/291130a5/attachment-0001.html>


More information about the es-discuss mailing list