--- Ryan Dary <nug at ryandary dot com> wrote:
> I'd like to know how this "intrusion" would be problematic. If someone
> makes a change to something they "shouldn't" have, and something crashes
> because of it... so be it. They shouldn't have mucked around with it.
> The good rule of thumb would be, don't mess with it, unless you know you
> are prepared to handle the consequences.
>
> Can someone provide an example of how this "invasion" of private classes
> could be used? I know that some people are saying that it would cause
> problems, or require authors to worry that people are inspecting their
> objects... but really, how could this be harmful?

Well, I'm going to play devil's advocate against
myself here... Suppose I've got an encrypted class so
you can't see what private methods and properties it
has, and one of its private properties is a Dictionary
class instance. Normally, you'd have no access to the
contents of my private Dictionary property, which
might contain, say, an encryption key, or local copies
of some private passwords or something. Just by being
able to grab arbitrary Dictionary instances, however,
you'd be able to bypass both the encryption of my
class and the scoping rules of my class data members,
and access my private Dictionary directly, thus
exposing data I, the library programmer, did not
intend or expect you to be able to see.

Hmm, it does seem that there are security implications
here I hadn't anticipated, and I'm betting it would be
fairly cumbersome to implement a version of
Runtime.GetObject that respected scoping and
encryption restrictions.

Mark Nutter
Quick and easy regex creation and debugging!
http://www.bucktailsoftware.com/products/regexplorer/
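
The exposure described in the message above, as an added Python analogue (not code from the list and not REALbasic): `gc.get_objects()` stands in for the Runtime.GetObject under discussion, and a name-mangled attribute stands in for a Private property. `Vault`, `scoped_read` and `heap_dicts_with` are hypothetical names, and all values are constructed.

```python
import gc
import hashlib
import hmac

CONSTRUCTED_KEY = b"constructed-demo-key-0001"  # constructed sample value


class Vault:
    """Hypothetical library class: callers are meant to use tag() only."""

    def __init__(self, key):
        # Name-mangled attribute, standing in for a Private Dictionary property.
        # The list value also ensures CPython's collector tracks this dict
        # (dicts holding only atomic values may be left untracked).
        self.__store = {"enc_key": key, "passwords": ["constructed-pw"]}

    def tag(self, message):
        """Public API: keyed MAC over the message, key never returned."""
        key = self.__store["enc_key"]
        return hmac.new(key, message, hashlib.sha256).hexdigest()


def scoped_read(vault):
    """What ordinary caller code gets: the private name does not resolve."""
    try:
        return vault.__store  # no mangling outside the class body
    except AttributeError:
        return None


def heap_dicts_with(field):
    """Audit helper: every live, collector-tracked dict that carries `field`.

    Scoping never enters into it; the dict is found by walking the heap,
    which is the access path the message is worried about.
    """
    return [o for o in gc.get_objects() if type(o) is dict and field in o]


if __name__ == "__main__":
    vault = Vault(CONSTRUCTED_KEY)
    print("scoped access:", scoped_read(vault))
    for d in heap_dicts_with("enc_key"):
        print("heap enumeration reaches:", sorted(d))
```

A runtime call that hands out arbitrary instances makes the class's scope irrelevant for any object that is still alive, so the enumeration itself would have to enforce the restrictions, as the message concludes.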