Berin Loritsch wrote:
> Regarding the ComponentValidator, I am temporarily relenting and
> moving on. To my knowledge we are all in agreement concerning
> Logging. That remains one sore spot to my knowledge *before* we
> release.
Berin:
I think the points you have made in this thread are
right-on-the-money!
I think you're talking about security concerns in the same way that I
think about security. Aside from whatever authentication solution,
access control mechanisms, trust management and so forth, if you're
building a "valuable" system (i.e. a system handling valuable
assets), you design and build with the assumption that the system
WILL-BE-COMPROMISED. With this presumption there are a variety of
mechanisms that can be employed to hide sensitive resources - but
achieving this requires defensive code - because you can never
totally depend on the container because there is always the question
of compromising the container's container (recursively). I disagree
with comments on this thread that this means you have already
lost the battle - internal subsystems can be much more defensive than
their containers. But building defensive systems means very rigorous
enforcement within an object of its operation state - and for that
runtime validation against standard lifecycle semantics is just
plain good-sense.
Cheers, Steve.
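Added example, not part of the original message and not Avalon's code or its ComponentValidator: a sketch of a component that enforces its own lifecycle order at runtime, so that a misbehaving or compromised container cannot start it unconfigured, swap its secret after configuration, or use it after disposal. The class name, state names and the sample secret are assumptions made for illustration.

```java
import java.util.Arrays;

// Added example: hypothetical component, not Avalon's API or ComponentValidator.
public class GuardedSecretHolder {
    private enum State { CREATED, CONFIGURED, INITIALIZED, STARTED, STOPPED, DISPOSED }

    private State state = State.CREATED;
    private char[] secret;

    // Fail closed: a call made in any stage other than the expected one is refused.
    private void advance(State expected, State next) {
        if (state != expected)
            throw new IllegalStateException("refused " + state + " -> " + next);
        state = next;
    }

    public synchronized void configure(char[] s) {
        if (s == null || s.length == 0) throw new IllegalArgumentException("empty secret");
        advance(State.CREATED, State.CONFIGURED); // a second configure() cannot swap the secret
        secret = s.clone();
    }
    public synchronized void initialize() { advance(State.CONFIGURED, State.INITIALIZED); }
    public synchronized void start()      { advance(State.INITIALIZED, State.STARTED); }
    public synchronized void stop()       { advance(State.STARTED, State.STOPPED); }

    // Allowed from any state: wipe the secret; no transition leads out of DISPOSED.
    public synchronized void dispose() {
        if (secret != null) Arrays.fill(secret, '\0');
        secret = null;
        state = State.DISPOSED;
    }

    // Service method: usable only while STARTED; the comparison does not exit early.
    public synchronized boolean matches(char[] candidate) {
        if (state != State.STARTED) throw new IllegalStateException("not started: " + state);
        int diff = secret.length ^ candidate.length;
        for (int i = 0; i < candidate.length; i++) diff |= secret[i % secret.length] ^ candidate[i];
        return diff == 0;
    }

    public static void main(String[] args) {
        GuardedSecretHolder c = new GuardedSecretHolder();
        try { c.start(); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
        c.configure("constructed-sample".toCharArray()); c.initialize(); c.start();
        System.out.println(c.matches("constructed-sample".toCharArray()));
        try { c.configure("other".toCharArray()); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
        c.dispose();
        try { c.matches("x".toCharArray()); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```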