[Seaside] Seaside playground

Lukas Renggli renggli at gmail.com
Tue Jan 12 09:12:18 UTC 2010


> could they use your trick with using the debugger to interpret bytecode you did years ago.

Yes, that would make it slightly more secure, because one could also
check also the calls within the code and the receivers and arguments.
As with all the previous improvements, this will just make it slightly
more time consuming to find a working exploit. A highly reflective and
unsecured system like Smalltalk cannot be protected like that. If the
language doesn't provide the infrastructure to be secure (for example
through immutable objects, special execution environments, etc.) this
is not reasonably possible

Lukas

-- 
Lukas Renggli
http://www.lukas-renggli.ch


More information about the seaside mailing list