<!-- MHonArc v2.4.4 --> <!--X-Subject: Re: [MUD-Dev] (fwd) Functional Security --> <!--X-From-R13: X Q Znjerapr <pynjNhaqre.rate.ftv.pbz> --> <!--X-Date: Mon, 23 Mar 1998 19:02:43 +0000 --> <!--X-Message-Id: 199803231902.LAA52873#under,engr.sgi.com --> <!--X-Content-Type: text/plain --> <!--X-Reference: 7elnu51wdc.fsf#zesoi,fer.hr --> <!--X-Head-End--> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <html> <head> <title>MUD-Dev message, Re: [MUD-Dev] (fwd) Functional Security</title> <!-- meta name="robots" content="noindex,nofollow" --> <link rev="made" href="mailto:claw#under,engr.sgi.com"> </head> <body background="/backgrounds/paperback.gif" bgcolor="#ffffff" text="#000000" link="#0000FF" alink="#FF0000" vlink="#006000"> <font size="+4" color="#804040"> <strong><em>MUD-Dev<br>mailing list archive</em></strong> </font> <br> [ <a href="../">Other Periods</a> | <a href="../../">Other mailing lists</a> | <a href="/search.php3">Search</a> ] <br clear=all><hr> <!--X-Body-Begin--> <!--X-User-Header--> <!--X-User-Header-End--> <!--X-TopPNI--> Date: [ <a href="msg00848.html">Previous</a> | <a href="msg00850.html">Next</a> ] Thread: [ <a href="msg00785.html">Previous</a> | <a href="msg00760.html">Next</a> ] Index: [ <A HREF="author.html#00849">Author</A> | <A HREF="#00849">Date</A> | <A HREF="thread.html#00849">Thread</A> ] <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> <H1>Re: [MUD-Dev] (fwd) Functional Security</H1> <HR> <!--X-Subject-Header-End--> <!--X-Head-of-Message--> <UL> <LI><em>To</em>: <A HREF="mailto:mud-dev#null,net">mud-dev#null,net</A></LI> <LI><em>Subject</em>: Re: [MUD-Dev] (fwd) Functional Security </LI> <LI><em>From</em>: J C Lawrence <<A HREF="mailto:claw#under,engr.sgi.com">claw#under,engr.sgi.com</A>></LI> <LI><em>Date</em>: Mon, 23 Mar 1998 11:02:39 -0800</LI> </UL> <!--X-Head-of-Message-End--> <!--X-Head-Body-Sep-Begin--> <HR> <!--X-Head-Body-Sep-End--> <!--X-Body-of-Message--> <PRE> On Fri, 20 Mar 1998 02:51:53 PST8PDT Miroslav Silovic<silovic#zesoi,fer.hr> wrote: > Actually Cold seems to have solved this problem: It has the > following mechanisms: > 1) bind() - binds primitive function to an object. After that, > only the methods on the object can invoke the function > 2) native methods - C function can be interfaced with Cold in > such a way that it appears to be ordinary method for all practical > purposes (except that you can't list its source) > 3) private/public/protected method flags - these do the same > thing as in C++ - they limit the objects that can call methods > 4) no_override flag - flag a method with this and it can't be > overriden on the descendants of the object I follow this model almost exactly except that I add the following: Inheritance is at the whim of the parent, not the child. All incoming method calls, including inheritance requests, are passed thru a simple gauntlet which maps the inheritance tree of the caller and event owner against an explicit list of objects, and depending on match either accepts or denies the method call on that basis. ie accept ($caller, {list, of, objects, ...}) will accept method calls from all objects whose inheritance tree intersects one of the listed objects reject ($caller, {list, of, objects, ...}) will reject method calls from all objects whose inheritance tree intersects one of the listed objects by raising exception. Method calls which are neither explicitly accepted or rejected are rejected with an exception to the effect of "I don't know who you are". The archicture of the object model has the relevant object lists for each being inherited, cumulative, and non-overrideable. Oh, and the reject list is checked before the accept list... Note: This is cheaper than it seems as I don't maintain compound object images for objects representing their inheritance state, but instead keep them as a dynamic map of the inheritance tree with calls being made to the original copies, not local copies. I also do a *LOT* of cacheing so that checks for the same object pairs within a given event are not repeated. Should the incoming method call pass the gauntlet, it may then (optionally) pass thru a second level of object-specific authentication before being passed to the object in question. Outside of this authentication tends to be done on the basis of "friends" and "allies" lists, with membership (or occassionally inheritance from) one of the listed objects being the pass phrase. -- J C Lawrence Internet: claw#null,net (Contractor) Internet: coder#ibm,net ---------(*) Internet: claw#under,engr.sgi.com ...Honourary Member of Clan McFud -- Teamer's Avenging Monolith... </PRE> <!--X-Body-of-Message-End--> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <HR> <!--X-Follow-Ups-End--> <!--X-References--> <UL><LI><STRONG>References</STRONG>: <UL> <LI><STRONG><A NAME="00785" HREF="msg00785.html">Re: [MUD-Dev] (fwd) Functional Security</A></STRONG> <UL><LI><EM>From:</EM> Miroslav Silovic <silovic#zesoi,fer.hr></LI></UL></LI> </UL></LI></UL> <!--X-References-End--> <!--X-BotPNI--> <UL> <LI>Prev by Date: <STRONG><A HREF="msg00848.html">Re: [MUD-Dev] XShipWars</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg00850.html">Re: [MUD-Dev] Dynamic Loading of Modules</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg00785.html">Re: [MUD-Dev] (fwd) Functional Security</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg00760.html">Re: [MUD-Dev] Transport layer (UDP vs TCP)</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="index.html#00849"><STRONG>Date</STRONG></A></LI> <LI><A HREF="thread.html#00849"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> <ul><li>Thread context: <BLOCKQUOTE><UL> <LI><strong><A NAME="00776" HREF="msg00776.html">(fwd) Functional Security</A></strong>, J C Lawrence <a href="mailto:claw#under,engr.sgi.com">claw#under,engr.sgi.com</a>, Fri 20 Mar 1998, 00:04 GMT <UL> <LI><strong><A NAME="00777" HREF="msg00777.html">Re: [MUD-Dev] (fwd) Functional Security</A></strong>, Ling <a href="mailto:K.L.Lo-94#student,lboro.ac.uk">K.L.Lo-94#student,lboro.ac.uk</a>, Fri 20 Mar 1998, 03:16 GMT </LI> <LI><strong><A NAME="00780" HREF="msg00780.html">Re: [MUD-Dev] (fwd) Functional Security</A></strong>, Matt Chatterley <a href="mailto:matt#mpc,dyn.ml.org">matt#mpc,dyn.ml.org</a>, Fri 20 Mar 1998, 08:52 GMT <UL> <LI><strong><A NAME="00785" HREF="msg00785.html">Re: [MUD-Dev] (fwd) Functional Security</A></strong>, Miroslav Silovic <a href="mailto:silovic#zesoi,fer.hr">silovic#zesoi,fer.hr</a>, Fri 20 Mar 1998, 10:37 GMT <UL> <LI><strong><A NAME="00849" HREF="msg00849.html">Re: [MUD-Dev] (fwd) Functional Security</A></strong>, J C Lawrence <a href="mailto:claw#under,engr.sgi.com">claw#under,engr.sgi.com</a>, Mon 23 Mar 1998, 19:02 GMT </LI> </UL> </LI> </UL> </LI> </UL> </LI> <LI><strong><A NAME="00760" HREF="msg00760.html">Re: [MUD-Dev] Transport layer (UDP vs TCP)</A></strong>, Chris Gray <a href="mailto:cg#ami-cg,GraySage.Edmonton.AB.CA">cg#ami-cg,GraySage.Edmonton.AB.CA</a>, Thu 19 Mar 1998, 01:54 GMT <LI><strong><A NAME="00759" HREF="msg00759.html">Re: [MUD-Dev] SfD: Clientside Caching</A></strong>, Chris Gray <a href="mailto:cg#ami-cg,GraySage.Edmonton.AB.CA">cg#ami-cg,GraySage.Edmonton.AB.CA</a>, Thu 19 Mar 1998, 01:54 GMT <LI><strong><A NAME="00757" HREF="msg00757.html">SIMULATING FUTURE HISTORIES: THE NAU SOLAR SYSTEM SIMULATION & MARS SETTLEMENT</A></strong>, J C Lawrence <a href="mailto:claw#under,engr.sgi.com">claw#under,engr.sgi.com</a>, Thu 19 Mar 1998, 00:42 GMT <UL> <LI><strong><A NAME="00768" HREF="msg00768.html">SIMULATING FUTURE HISTORIES</A></strong>, s001gmu <a href="mailto:s001gmu#nova,wright.edu">s001gmu#nova,wright.edu</a>, Thu 19 Mar 1998, 21:27 GMT </LI> </UL> </LI> </UL></BLOCKQUOTE> </ul> <hr> <center> [ <a href="../">Other Periods</a> | <a href="../../">Other mailing lists</a> | <a href="/search.php3">Search</a> ] </center> <hr> </body> </html>