[Python-Dev] capabilities & proxies (python-dev Summary for 2003-03-01
Tue, 18 Mar 2003 11:27:14 +0100
Ben Laurie wrote:
> Brett Cannon wrote:
>> Capabilities can loosely be thought of like bound methods. Security with
>> capabilities is done based on possession; if you hold a reference to an
>> object you can use that object.
> This confusion is my fault: I just happened to like using bound methods
> as the basis for capabilities, but objects can also be used, so long as
> access to them is appropriately restricted. This is explained in detail
> in the PEP I am writing (with help from others, I should note).
>> Proxies are a wrapper around objects that restrict access to the object.
>> This restriction extends all the way to the core; even core code can't
>> access to parts of a proxied object that it doesn't want any object to
>> a hold of.
> Its not clear to me what you mean by "core code" - certainly anything
> written in C can slice through a proxy without any problems (or, indeed,
> a capability).
That's certainly true...
BTW, just in case you aren't aware of it, mxProxy implements pretty
much what Brett summarized here for proxies. You may want to have
Professional Python Software directly from the Source (#1, Mar 18 2003)
>>> Python/Zope Products & Consulting ... http://www.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
Python UK 2003, Oxford: 14 days left
EuroPython 2003, Charleroi, Belgium: 98 days left