[Python-Dev] Re: Capabilities - published interfaces
python-dev at zesty.ca
Mon Dec 29 04:43:16 EST 2003
I've been distracted by holiday events, but this requires a reply.

On Sat, 20 Dec 2003, Aahz wrote:
> Exactly. From my observations of these discussions, there are
> essentially only two reasons for restricted execution:
> * To simplify things by reducing the potential solution space
> * To protect a system against a hostile attacker

There is a huge blind spot in your claim. You forgot:
* To limit the damage caused by a bug in your program
* To make your programs have more predictable behaviour

Capabilities are about making clear what parts of your program
can and can't do.

> Supposedly there's a middle ground of untrusted but non-hostile code,
> but what's the point of providing support for that?

Have you ever used a library written by someone else? Have you ever
found a bug in something you wrote yourself?

"Untrusted but non-hostile code" is what all of us write every day.
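The following is an added illustration of the point made in this message; it is not code from the post or from Python itself. It models a capability as an ordinary Python object that exposes only the operations its holder has been granted. The names (Store, ReadCap, buggy_summarize, granted_operations) and the in-memory sample records are invented for the example.

```python
# Added example (not from the original post or from Python): capabilities
# limit the damage a non-hostile bug can do, and make the authority handed
# to a piece of code visible in its interface. All names are invented.


class Store:
    """In-memory key/value store standing in for a filesystem or database.
    A reference to a Store is ambient authority: whoever holds it can read,
    write and delete anything in it."""

    def __init__(self, data):
        self._data = dict(data)

    def read(self, key):
        return self._data[key]

    def write(self, key, value):
        self._data[key] = value

    def delete(self, key):
        del self._data[key]

    def keys(self):
        return sorted(self._data)


class ReadCap:
    """Capability: read access to one key of one Store and nothing else.
    The Store itself is never exposed, so a holder cannot widen the grant."""

    def __init__(self, store, key):
        self._key = key
        self._reader = lambda: store.read(key)  # closure keeps the store private

    def read(self, key):
        if key != self._key:
            raise PermissionError("capability is for %r only" % self._key)
        return self._reader()


def buggy_summarize(fs, key):
    """A 'library' written by someone else: counts the words in one record.
    It has a bug: a misguided 'cleanup' step deletes the record it just read.
    Nothing about the bug is hostile; it is simply wrong."""
    words = len(fs.read(key).split())
    fs.delete(key)  # the bug; the library never needed this authority
    return words


def granted_operations(obj):
    """What can the holder of this object do? Its public methods are the
    whole answer, which is what makes the program's behaviour predictable."""
    return sorted(n for n in dir(obj)
                  if not n.startswith("_") and callable(getattr(obj, n)))


def make_store():
    """Constructed sample data for the demonstration (invented)."""
    return Store({"notes.txt": "capabilities limit damage from bugs",
                  "secrets.txt": "do not leak"})


def run_with_ambient_authority():
    """Hand the library the whole Store: the bug destroys the record."""
    store = make_store()
    words = buggy_summarize(store, "notes.txt")
    return words, store.keys()


def run_with_capability():
    """Hand the library only a ReadCap: the bug fails instead of doing damage."""
    store = make_store()
    cap = ReadCap(store, "notes.txt")
    try:
        buggy_summarize(cap, "notes.txt")
        failed = False
    except AttributeError:  # ReadCap has no delete(); the damage is contained
        failed = True
    return failed, store.keys()


if __name__ == "__main__":
    print(granted_operations(make_store()))                       # ['delete', 'keys', 'read', 'write']
    print(granted_operations(ReadCap(make_store(), "notes.txt")))  # ['read']
    print(run_with_ambient_authority())  # (5, ['secrets.txt'])
    print(run_with_capability())         # (True, ['notes.txt', 'secrets.txt'])
```

The library code is identical in both runs; only the object handed to it changes. With the Store, the bug silently deletes a record and the caller cannot tell from the result. With the ReadCap, the same bug raises immediately and the store is untouched, and a reader of the calling code can see from the capability's interface that deletion was never possible.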