[Q][Security] in web based squeaking?

Cees de Groot cg at cdegroot.com
Thu Sep 27 15:17:23 UTC 2001


Torge Husfeldt <jean-jacques.gelee at gmx.de> said:
>A while ago I heard of the (theoretical) ability of swikis to support
>real Smalltalk scripting inside the edited pages.
>Is this secure?

Depends on your definition of security. Sounds like a cheap joke, but people
have different ideas about security...

In the current incarnation, it would give you the same access as the user
running the Swiki on the server. 

>On the other hand what about security in the Squeak browser plugin? 

A completely different story - AFAIK it runs in a sandbox. Going from a very
restricted sandbox to a more fine-grained tunable security environment is
something that has been done with Java, and there's a lot to learn from the
Java security-related specifications (really :-)).

There's also Oasis, which is a sandbox for Smalltalk by Les Tyrrell. An
overview sits on http://www.canis.uiuc.edu/~tyrrell/Oasis/overview.html. If
you want to do a Wiki with Smalltalk in the pages, it's probably the best way
to start.

A lot of documentation on capability-based security, on which these systems
are often based, can be found at www.erights.org, which describes the E
language. IMHO, it's a must read if you're interested in these topics.

-- 
Cees de Groot               http://www.cdegroot.com     <cg at cdegroot.com>
GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD  1986 F303 937F E098 9E8B
http://www.anti-dmca.org/
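
An added illustration of the capability idea mentioned in the reply above, not code from the post, Swiki, Oasis or E: a page-script evaluator written in Python rather than Smalltalk, where an embedded expression can reach only the objects the host hands it instead of inheriting the access of the server process. The `{{ }}` syntax, `run_script`, `render`, `CAPS` and the sample page are hypothetical.

```python
import ast
import re

class Denied(Exception):
    """A page script used syntax or a name the host did not grant."""

def run_script(source, caps):
    """Evaluate one expression whose only authority is the `caps` dict."""
    def ev(node):
        if isinstance(node, ast.Constant) and isinstance(node.value, (str, int, float)):
            return node.value
        if isinstance(node, ast.Name):
            if node.id not in caps:          # no ambient builtins or globals
                raise Denied(f"no capability named {node.id!r}")
            return caps[node.id]
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and not node.keywords:
            func = ev(node.func)
            return func(*[ev(arg) for arg in node.args])
        # Attribute access, lambdas, subscripts, comprehensions, ... are refused,
        # so a script cannot walk from a granted object to something else.
        raise Denied(f"syntax not allowed: {type(node).__name__}")
    try:
        tree = ast.parse(source, mode="eval")
    except SyntaxError as exc:
        raise Denied("not a single expression") from exc
    return ev(tree.body)

SCRIPT = re.compile(r"\{\{(.*?)\}\}")

def render(page_text, caps):
    """Replace each {{ expr }} with its value, or with a denial marker."""
    def repl(match):
        try:
            return str(run_script(match.group(1).strip(), caps))
        except Denied as exc:
            return f"[script denied: {exc}]"
    return SCRIPT.sub(repl, page_text)

# Constructed sample: what the host grants, and a page with three scripts.
CAPS = {"page_title": "Front page", "upper": str.upper}
PAGE = ("Title: {{ upper(page_title) }} | {{ open('swiki.conf') }} | "
        "{{ page_title.__class__ }}")

if __name__ == "__main__":
    print(render(PAGE, CAPS))
```

What a script can do is then decided entirely by what the host puts in `caps`; granting a powerful object such as `getattr` or a file handle hands that authority to every page author. The evaluator does not bound CPU or memory use.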



