Anonymous user
Talk:Break OO privacy: Difference between revisions
→Context?
Line 22:
::::: i'd actually like to use this task to demonstrate that in languages that claim to have protection this protection can be circumvented. of course even nicer would be if we could get proofs for languages where it can't be circumvented. but i guess that may be hard.--[[User:EMBee|eMBee]] 07:02, 25 October 2011 (UTC)
:::::: Shouldn't be that hard on any system that has had a security patch in the last year... If you can access a program's memory, the high level language semantics can be ignored. --[[User:Rdm|Rdm]] 10:07, 25 October 2011 (UTC)
::::::: i mean it is hard to prove that a system is secure, and that private members of an object can not be accessed.
::::::: of course anything that happens outside of the process is beyond the control of the language, but the question is if it is possible to prevent access to private datastructures within the process.
::::::: consider a system that allows you to load new code at runtime (as lisp, pike, python, javascript and many other languages do) is it possible to build the language/compiler/virtual machine in such a way as to make it impossible for newly injected code to access protected datastructures? the question is related to whether it is possible to build sandboxes (like for javascript) that are actually save. certainly sandbox developers claim it is possible, and if it is possible for them then it should be possible for a regular language runtime as well.
::::::: to find out which languages offer this possibility, in particular among languages that allow to inject code at runtime, is a very interesting question.--[[User:EMBee|eMBee]] 12:44, 25 October 2011 (UTC)
| |||