[DGD] Alternatives to the Kernel model of security...

Noah Gibbs noah_gibbs at yahoo.com
Wed Jan 28 03:11:39 CET 2004


  The Kernel Library, while it's a very powerful and
useful bit of software, is undeniably hard to use in
certain cases.  I don't mean it's technically
incapable.  I mean that its security model is
unfamiliar to essentially everyone, and that common
forms of security are difficult to map onto its
interace.

  With that in mind, I'm curious if other people can
think of better/easier alternatives to what its file
system does.

  Traditional file security models, such as keeping an
owner and a group and doing permissions per-file,
would have to be modified.  You can't play with file
permissions from DGD because they may not exist... 
You could tack them onto the start of every file in
some simple format, but then modifying files in text
editors becomes harder...

  The Kernel Library has an especially limited set of
permissions for objects -- a wizard's objects can call
into very few directories.  That's intentional, since
objects have the greatest likelihood of causing
serious bugs or security breaches.  But the Kernel
makes it very hard to get them to *do* certain things.

  What other models have people thought about?  Is
anybody using another security model with good
success?


=====
------
noah_gibbs at yahoo.com

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
_________________________________________________________________
List config page:  http://list.imaginary.com/mailman/listinfo/dgd



More information about the DGD mailing list