任何语言中是否存在隔离/沙箱访问修饰符?
是否有一种语言具有可以阻止一个类访问任何其他类的功能,除非包含实例或引用?
isolated class Example {
public Integer i;
public void doSomething()
{
i = 5; // This is ok because i belongs to this class
/*
* This is forbidden because this class can only
* access anything contained within, nothing outside
*/
System.out.println("This does not work.");
}
}
[编辑]一个示例用例可能是插件系统。我可以定义一个插件对象,引用该类可以操作的某些对象,但不允许其他任何对象。它可能会使安全问题变得更加容易。[/编辑]
Is there a language which has a feature that can prevent a class accessing any other class, unless an instance or reference is contained?
isolated class Example {
public Integer i;
public void doSomething()
{
i = 5; // This is ok because i belongs to this class
/*
* This is forbidden because this class can only
* access anything contained within, nothing outside
*/
System.out.println("This does not work.");
}
}
[edit]An example use case might be a plugin system. I could define a plugin object with references to certain objects that class can manipulate, but nothing else is permissible. It could potentially make security concerns much easier.[/edit]
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我不知道任何基于类的访问修饰符具有这种意图,但我相信访问修饰符无论如何都会被误导。
基于功能的安全性,或更具体地说,对象功能模型似乎就是您想要的。
http://en.wikipedia.org/wiki/Object-capability_model
基本思想是为了对一个对象做任何事情,你需要持有它的引用。保留引用,则无法访问。
全局事物(例如 System.out.println)和其他一些事物是语言的有问题的功能,因为任何人都可以在没有引用的情况下访问它们。
E 等语言或 google caja(用于 Javascript)等工具允许正确的对象能力模型。这是 JS 中的示例:
I'm not aware of any class-based access modifiers with such intent, but I believe access modifiers to be misguided anyway.
Capability-based security or, more specifically, the object-capability model seems to be what you want.
http://en.wikipedia.org/wiki/Object-capability_model
The basic idea is that in order to do anything with an object, you need to hold a reference to it. Withhold the reference and no access is possible.
Global things (such as System.out.println) and a few other things are problematic features of a language, because anyone can access them without a reference.
Languages such as E, or tools like google caja (for Javascript) allow proper object-capability models. Here an example in JS:
任何必须包含标题的语言都可能算在内:只要不包含任何标题即可。
但是,我敢打赌,没有任何语言明确禁止外部访问。有什么意义?如果你无法接触到外部世界,你就什么也做不了。而且,为什么对
Integer的引用可以,但System.out.println却不行?如果您澄清潜在的用例,我们可能可以更好地帮助您...
编辑您的编辑:
我认为您可能会去那里。
如果这是为了安全,那么从一开始就有缺陷。让我们检查一下:
我必须自愿在我的课程上放置关键字的动机是什么?我当然不会因为我很好,因为我不是!
需要考虑的一件事是,任何时候您加载不属于您自己的本机代码(在本例中,本机意味着未编写脚本),您都可能允许坏人运行他的代码。任何语言功能都无法保护您免受这种情况的影响。
正确的答案取决于您的目标语言。 Java 有安全描述符,.NET 允许您创建具有受限权限的 AppDomain,等等。不幸的是,我不是这些领域的专家。
Any language where you must include headers would probably count: Just don't include any headers.
However, I would wager that there's no language that explicitly forbids external access. What's the point? You can't do anything if you can't access the outside world. And, why would the reference to
Integerbe okay, butSystem.out.printlnnot be?If you clarify the potential use-case, we can probably help you better...
Edit for your Edit:
I thought you might be going there.
If this is for security, it's flawed from the start. Let's examine:
What incentive do I have to voluntarily place a keyword on my class? I'm certainly not going to because I'm nice, since I'm not!
One thing to consider is that any time you're loading native code that's not your own (native, in this case, means not scripted), you're potentially allowing a bad guy to run his code. No language features are going to protect you from that.
The proper answer depends on your target language. Java has Security descriptors, .NET lets you create AppDomains with restricted permissions, etc. Unfortunately, I'm not an expert in these fields.