Le 24/09/2012 10:04, Tom Van Cutsem a écrit : > 2012/9/24 David Bruant <[email protected] <mailto:[email protected]>> > > Le 23/09/2012 22:04, Herby Vojčík a écrit : > > Hello, > > > > maybe I missed something, but how will you secure the whitelist > > itself? Malicious proxy knowing righteous one can steal its > whitelist, > > afaict. > I'm sorry, I don't understand what you're saying here. Can you be more > specific and provide an example of an attack? > > As far as I'm concerned, I consider the design secure, because it's > possible to easily write code so that only a proxy (or it's handler to > be more accurate) has access to its whitelist and nothing else. > > > Right. Perhaps what Herby meant is that the proxy might provide a > malicious whitelist to steal the names being looked up in them. This > will be prevented by requiring the whitelist to be a genuine, built-in > WeakSet. The proxy will use the built-in WeakSet.prototype.get method > to lookup a name in that whitelist, so a proxy can't monkey-patch that > method to steal the name either. True. I think a lot of that part depends on how WeakSet/Set are spec'ed. It might be possible to accept proxies wrapping WeakSets (which is likely to be helpful with membranes) and perform the check on the target directly, bypassing the proxy traps. Or maybe consider the built-in WeakSet.prototype.get method as a private named method on the weakset instance and only call the unknownPrivateName trap.
David
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
