Squeak Sandboxes?
Jecel Assumpcao Jr
jecel at merlintec.com
Wed Aug 15 19:18:39 UTC 2001
On Wednesday 15 August 2001 13:04, Noel J. Bergman wrote:
> Right now people tend to treat an image as a sandbox. "If you break
> it, create a new image."
>
> In the spirit of further evolving the concept of protecting parts of
> the environment, what would it take to limit access to trusted receivers
> from untrusted senders? This would effectively allow building
> "sandboxes" inside of Squeak, although that is just a subset of the
> consequences.

Since we already need some kind of viewpoint or package system (as
suggested by Dan Ingalls. BTW, is anyone going to do the comparison he
asked for?), we could build a capability-like system on top of that.

If we have an object A, some other objects won't have a reference to it
and won't be able to access it at all. Others will have a reference to
a limited perspective and so won't be able to send any messages that
change it. Still others will have a reference to a more complete
perspective and will be able to make a mess (I am supposing we trust
them not to do so).

This is much more flexible than the typical capability read/write bits
and will also allow A to be seen from a MathPackage perspective as well
as from a FrogGame perspective.

Of course, just having the infrastructure isn't enough. You then have
to set up all the references just right and that is a lot of work!

-- Jecel
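
The perspective idea in the message above, sketched as an added example (not code from the post or from Squeak): a forwarding object that passes on only the selectors granted to it. The `Perspective` class, its category and the selector lists are assumptions made for illustration; different selector sets stand in for the different package perspectives.

```smalltalk
"Added illustration. Perspective is a hypothetical class, not part of Squeak."
ProtoObject subclass: #Perspective
    instanceVariableNames: 'target allowed'
    classVariableNames: ''
    poolDictionaries: ''
    category: 'Perspective-Demo'!

!Perspective class methodsFor: 'instance creation'!
on: anObject allowing: selectors
    "Answer a perspective on anObject that passes on only the given selectors."
    ^ self basicNew setTarget: anObject allowed: selectors! !

!Perspective methodsFor: 'private'!
setTarget: anObject allowed: selectors
    "Set once at creation, so a holder cannot re-point or widen the perspective."
    allowed isNil ifFalse: [^ Error new signal: 'perspective is already set up'].
    target := anObject.
    allowed := selectors asSet! !

!Perspective methodsFor: 'forwarding'!
doesNotUnderstand: aMessage
    "Forward granted selectors to the hidden target and refuse everything else."
    (allowed includes: aMessage selector)
        ifFalse: [^ Error new signal: 'not in this perspective: ', aMessage selector].
    ^ target perform: aMessage selector withArguments: aMessage arguments! !

"Workspace: object A reached through a limited and a more complete perspective."
| a limited complete |
a := OrderedCollection new.
limited := Perspective on: a allowing: #(#size #isEmpty #includes:).
complete := Perspective on: a allowing: #(#size #isEmpty #includes: #add: #remove:).
complete add: 3.                          "granted, so A changes"
limited includes: 3.                      "granted read, forwarded to A"
[limited add: 4] on: Error do: [:e | e messageText].   "refused, A is unchanged"
"Code handed neither perspective has no reference through which to reach A."!
```

This confines only ordinary message sends: objects answered by forwarded messages are handed back unwrapped, and Squeak's reflective facilities are not restricted by it.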