jed-users mailing list


Re: [jed-users] setting programming style


In message <200301170320.h0H3KZGL007281@xxxxxxxxxxxxxx>, John E. Davis <davis@xxxxxxxxxxxxx> writes
> Frank v Waveren <fvw@xxxxxx> wrote:
>> filenames things get saved to and such. I'd be much more comfortable
>> with having a whitelist, there aren't _that_ many things that have to
>> be changeable from the file are there?
>
> I would not want to make the decision about what should and should not
> be set allowed.  Whenever I have tried to make such decisions in the
> past, I have been wrong.  I think that a reasonable compromise would
> be to make the setting of variables conditional as I have done with
> "eval".

Using a whitelist as the primary security implies a deny-all policy. Ship an empty whitelist and you can't possibly get it wrong ;)

I could live with approving or disallowing each new eval string the first time it's seen and autobuilding private white & black lists.

Since JED/Slang lack a rigorous security model or any sandbox support there aren't many plausible alternatives ;(

--
Paul Shirley
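
The approve-on-first-sight scheme described in the message above, sketched as an added example (not part of the original post and not JED or S-Lang code). The EvalApprovals class, the JSON store and the sample strings are assumptions made for illustration; an empty store denies everything until the user approves a string.

```python
import hashlib
import json
from pathlib import Path

# Constructed sample eval strings; placeholders, not real JED calls.
SAMPLE_OK = 'style_hook("gnu")'
SAMPLE_BAD = 'write_file("/tmp/placeholder")'


class EvalApprovals:
    """Private allow/deny lists for eval strings found in edited files."""

    def __init__(self, path, ask):
        self.path = Path(path)
        self.ask = ask  # callback(code) -> True to allow, anything else denies
        self.lists = {"allow": [], "deny": []}  # empty lists: deny-all
        if self.path.exists():
            self.lists = json.loads(self.path.read_text())

    @staticmethod
    def _key(code):
        # Exact match on the bytes: any change to the string is a new request.
        return hashlib.sha256(code.encode("utf-8")).hexdigest()

    def permitted(self, code):
        key = self._key(code)
        if key in self.lists["deny"]:
            return False
        if key in self.lists["allow"]:
            return True
        # First sighting: ask once and remember the answer.
        try:
            ok = self.ask(code) is True
        except Exception:
            return False  # prompt failed: deny now, ask again next time
        self.lists["allow" if ok else "deny"].append(key)
        self._save()
        return ok

    def _save(self):
        # Write to a temp file and rename so a crash cannot truncate the lists.
        tmp = self.path.with_suffix(".tmp")
        tmp.touch(mode=0o600, exist_ok=True)
        tmp.write_text(json.dumps(self.lists))
        tmp.replace(self.path)
```

The lists store hashes rather than the strings themselves, so a previously rejected string is never re-displayed or re-evaluated from the store.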
