l4-hurd

Re: ConfirmPassword


From: Jonathan S. Shapiro
Subject: Re: ConfirmPassword
Date: Tue, 25 Oct 2005 21:12:00 -0400

On Tue, 2005-10-25 at 19:50 +0200, Martin Schaffner wrote:
> Hi, I have two questions concerning agents such as ConfirmPassword and 
> OpenFile/SaveFile:
> 
> * would it be possible to avoid the *requirement* that instantiators 
> cannot inspect instantiateds in the following way: If an application 
> (A) wants to get a password-protected capability or a file system 
> capability (which you suggest should be done with a trusted utility U 
> such as ConfirmPassword), it has to contact a server S. So instead of 
> giving A a capability to the constructor of U, we just give it a 
> capability to S, which is trusted, and can't be inspected by A.

This would be an unfortunate design, because we now have a situation
where many programs have a common channel of communication, and one can
use this to implement denial of service and/or denial of resource on
another.

Avoiding this is why polyinstantiation is such a useful tool.

For the most part, sharing is a problem to be designed out, not a
feature to be encouraged. Sharing should only exist where it is driven
by the need to solve a concrete *user*-driven requirement.

shap
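
A toy model of the denial-of-resource argument in the reply above, added here as an illustration; it is not part of the original message and is not EROS or Hurd code. It assumes each open password prompt holds one slot from a finite budget, and every class and function name in it is hypothetical.

```python
# Added illustration (toy model). All names are hypothetical.

class Budget:
    """A finite pool of session slots owned by exactly one party."""
    def __init__(self, owner, slots):
        self.owner, self.free = owner, slots

    def take(self):
        if self.free == 0:
            return False
        self.free -= 1
        return True


class PasswordAgent:
    """Stands in for a utility U such as ConfirmPassword."""
    def __init__(self, budget):
        self.budget = budget

    def open_prompt(self, client):
        # The slot stays held until the client answers; a hostile client never does.
        return self.budget.take()


def shared_server(clients, slots):
    """One server S serves every client out of a single budget of its own."""
    s = PasswordAgent(Budget("S", slots))
    return {c: s for c in clients}


def polyinstantiated(clients, slots):
    """Each client gets a fresh instance of U, paid for from that client's budget."""
    return {c: PasswordAgent(Budget(c, slots)) for c in clients}


def run(design, slots=4):
    agents = design(["hostile", "victim"], slots)
    # The hostile client opens prompts until refused and never completes them.
    while agents["hostile"].open_prompt("hostile"):
        pass
    # Can the victim still get a prompt afterwards?
    return agents["victim"].open_prompt("victim")


if __name__ == "__main__":
    print("shared server S, victim served:", run(shared_server))
    print("polyinstantiated U, victim served:", run(polyinstantiated))
```

In the shared design the hostile client's held slots are the victim's slots too; with one instance per client, exhaustion is charged to whoever caused it.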




