Users, Groups, Permissions for Squeak applications
Cees de Groot
cg at cdegroot.com
Fri Nov 22 20:31:18 UTC 2002
Derek Brans <brans at nerdonawire.com> said:
>I would like to create the notions of users, groups and permissions in
>Squeak.
>
>1. Have there been any previous efforts to accomplish this?
>2. I need some design ideas.
>
I think for a fully OO system, capabilities are the way to go. It's
actually quite easy to implement them, conceptually: 'all' you need to do
is to make sure that you cannot break out of a provided sandbox and can
just follow object references to other objects - if you have done that,
it becomes easy to implement any security model you like. We had some
discussion on this quite some time ago (a year?), and I recall someone
listing all the necessary steps to take in order to 'close down' Squeak
(basically supplying multiple copies of 'Smalltalk', however you want
to share as much library code as you can and that's where it gets hairy).
Oasis is a project that has done a lot of work in this area, up to the point
where separation between 'users' is good enough to allow various dialects to
run concurrently in the image. However, at the moment there doesn't seem to be
a published version of the code.
An effort is underway to implement various aspects of E in Squeak - Rob
Withers is doing this work, but I'm not sure whether he's just implementing
the remote bits of E or is also closing down the VM.
Finally, with all the strange avatars running around in other people's images,
I hope that the people behind the Croquet project have thought about security
;-).
--
Cees de Groot http://www.cdegroot.com <cg at cdegroot.com>
GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD 1986 F303 937F E098 9E8B
Cogito ergo evigilo
More information about the Squeak-dev
mailing list
|