[DGD] Re: My idea for the DGD driver - validate

Robert Forshaw iouswuoibev at hotmail.com
Thu Feb 12 22:42:18 CET 2004


>From: Erwin Harte <harte at is-here.com>
> > The idea is that there would be a keyword, for example, validate, for a
> > function. Any function declared with this keyword can not be called by
> > anything except the driver. Now, when naughty_object does a call_other to
> > OBJECTD, or whatever, if there is a validate function there then that
> > function will be called instead of the function specified. If the function
> > bearing the validate keyword returns zero,
>
>Perhaps you've noticed 'private' and 'static' functions in other code?
>I believe these will allow you to do 99% of what you want, already.

You would know that I have if you read the entire post, as I mention these 
keywords. You would also know that 99% of what I want cannot be fulfilled by 
'private' and 'static'. There is far more to my idea than simply privatising 
a function, or all functions. The feature is supposed to allow you to decide 
what objects can call the functions in an object, (or you can in fact decide 
whether the functions can be called on any expression, it's entirely up to 
you what goes in the validate function) in a very compact way, without the 
need to perform individual checks at the beginning of each and every 
function, which is both tedious and prone to human error.

So instead, these checks are implemented in one function that the driver 
dictates is mandatory to be called whenever a call_other is called with that 
object as the first argument. 'private' and 'static' are absolutes, because 
they either say 'you can call this function from another object' or 'you 
can't call this function from another object'. My 'validate' idea allows for 
far more flexibility; it says 'You can't call a function in this object from 
another object unless I say so by returning 1, and by default, I won't 
return 1, so you MUST lay down the necessary security measures in here or 
I'll return 0 and you can't call anything in this object from a different 
object!'. As you can see, it's a very different thing.

The reason I described my current problem at the beginning of my post was so 
that you would appreciate that this feature is about letting very particular 
objects execute a function, or execute it under very particular conditions. 
None of which can be achieved using 'static' or 'private' whatsoever. 
Ideally, a security-conscious lib coder would use 'validate' in every object 
that contains functions that they don't want 'just any object' to call, but 
can't be private or static either.
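
The dispatch rule proposed in this message, modelled in Python as an added example that is not part of the original post and is not LPC or DGD driver code. The names `Obj`, `ObjectD`, `Denied`, the `trusted` set and the Python `call_other` are hypothetical; the model assumes the driver passes the caller, function name and arguments to `validate`.

```python
"""Python model of the proposed 'validate' gate; not LPC, not DGD driver code."""


class Denied(Exception):
    """Raised by the model driver when a call_other is refused."""


class Obj:
    """Base object. As in the proposal, the default gate returns 0 (deny)."""

    def __init__(self, name):
        self.name = name

    def validate(self, caller, func, args):
        return 0  # default deny: an object must opt callers in explicitly


def call_other(caller, target, func, *args):
    """Model driver dispatch: only this function ever invokes validate()."""
    if func == "validate" or func.startswith("_"):
        raise Denied("reserved name: only the driver may call it")
    # The gate runs before the requested function, on every call_other.
    if target.validate(caller, func, args) != 1:
        raise Denied(f"{caller.name} -> {target.name}.{func}")
    return getattr(target, func)(*args)


class ObjectD(Obj):
    """Hypothetical daemon: one policy function guards every entry point."""

    def __init__(self, name, trusted):
        super().__init__(name)
        self.trusted = set(trusted)  # names allowed to change state
        self.registry = []

    def validate(self, caller, func, args):
        if func == "query_count":    # read-only: open to any caller
            return 1
        return 1 if caller.name in self.trusted else 0

    def register(self, item):        # carries no check of its own
        self.registry.append(item)
        return len(self.registry)

    def query_count(self):
        return len(self.registry)
```

Any function later added to `ObjectD` is covered by the same gate and is refused to untrusted callers until `validate` is changed to allow it, which is the difference from per-function checks that can be forgotten.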
