Quick comparison of two Namespaces proposals
nicolas cellier
ncellier at ifrance.com
Wed Sep 19 20:20:30 UTC 2007
Are the classes aware of their namespace?
In which case, your security might be broken
AnyPublicClass namespace class allInstances detect: [:e | e name =
#Smalltalk].
Anyway, no need for namespace at all, just a:
(AnyPublicClass withAllSuperclasses last allSubclasses detect: [:e | e
name = #SystemDictionary]) allInstances etc...
Sorry, you might have to restrict available messages too...
Michael van der Gulik a écrit :
>
> Naming collisions aren't my concern.
>
> I want to be able to load untrusted code and run it, securely.
>
> This means that I need a unit for loading remote code, thus the package
> was born. It also means I need to have complete control over what that
> remote code has access to. If you give untrusted code access to the
> global SystemDictionary, it has access to everything (which I consider
> bad practice). To solve this, I've been working on a design for
> Namespaces that lets a code loader show a certain amount of discretion
> about what a package has access to ( i.e. the import lists).
>
> Answering your points directly, I'm hoping that my tools will not be
> that difficult to use so that even power users can use them. The import
> lists should usually be automatically populated by the NamespaceBrowser.
>
> As with smaller images, naming collisions only require two loaded
> packages to happen (even on the smallest image), and I'd find it pretty
> damn annoying if they happen for 1% of all class names. That's every
> third or fourth package.
>
> Gulik.
>
>
> ------------------------------------------------------------------------
>
>
More information about the Squeak-dev
mailing list
|