security requirements
Chris Muller
chris at funkyobjects.org
Tue Aug 9 02:13:17 UTC 2005
After a lot of reading and thinking a lot about security for Magma, some vague
ideas have formed in my head for requirements:
#1 it should punish senders of bad, mal-formed or forged requests.
#2 Byte and word buffers should be encrypted on disk in case the file-system
is compromised.
#3 messages should be secure across the public network full of nosey
wire-tappers.
#4 Security within the object-model (for business applications - individual
object-access based on role hierarchy).
Are there any other requirements I should be considering?
Can secure sockets handle #3? If not encryption/decryption would burden the
program way up in the Smalltalk layer; not good.
I've given some thought to implementation for these but am mostly focused on #1
at this time. I've posed an invitation for discussion about #1 on squeak-dev,
but what does anyone think of these other requirements?
- Chris
More information about the Magma
mailing list