[Q][Security] in web based squeaking?
Cees de Groot
cg at cdegroot.com
Thu Sep 27 15:17:23 UTC 2001
Torge Husfeldt <jean-jacques.gelee at gmx.de> said:
>A while ago I heard of the (theoretical) ability of swikis to support
>real Smalltalk scripting inside the edited pages.
>Is this secure?

Depends on your definition of security. Sounds like a cheap joke, but people
have different ideas about security...

In the current incarnation, it would give you the same access as the user
running the Swiki on the server.

>On the other hand what about security in the Squeak browser plugin?

A completely different story - AFAIK it runs in a sandbox. Going from a very
restricted sandbox to a more fine-grained tunable security environment is
something that has been done with Java, and there's a lot to learn from the
Java security-related specifications (really :-)).

There's also Oasis, which is a sandbox for Smalltalk by Les Tyrrell. An
overview sits at http://www.canis.uiuc.edu/~tyrrell/Oasis/overview.html. If
you want to do a Wiki with Smalltalk in the pages, it's probably the best way
to start.

A lot of documentation on capability-based security, on which these systems
are often based, can be found at www.erights.org, which describes the E
language. IMHO, it's a must read if you're interested in these topics.

--
Cees de Groot http://www.cdegroot.com <cg at cdegroot.com>
GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD 1986 F303 937F E098 9E8B
http://www.anti-dmca.org/