[Python-Dev] new security doc using object-capabilities

Greg Ewing greg.ewing at canterbury.ac.nz
Tue Jul 25 02:04:44 CEST 2006


Phillip J. Eby wrote:

> When I say "name checker" I mean the Zope type that allows you to specify a 
> list of names that are allowed for a given object.  This allowing is not 
> based on identity or code signing or anything like that.  It's just a list 
> of attribute names: i.e. a capability mask over an existing object.

But this is backwards from what a true object-capability
system should be like if it's properly designed. Instead
of starting with too-powerful objects and trying to
hide some of their powers, the different powers should
be separated into different objects in the first place.

It sounds to me like Zope is using the approach it's
using because it's having to work with Python as it
currently is, not because its approach is the best one.

--
Greg


More information about the Python-Dev mailing list