任何语言中是否存在隔离/沙箱访问修饰符?

发布于 2024-10-01 15:53:06 字数 504 浏览 6 评论 0原文

是否有一种语言具有可以阻止一个类访问任何其他类的功能,除非包含实例或引用?

isolated class Example {

    public Integer i;

    public void doSomething()
    {
        i = 5; // This is ok because i belongs to this class

        /*
         * This is forbidden because this class can only
         * access anything  contained within, nothing outside
         */
        System.out.println("This does not work.");
    }
}

[编辑]一个示例用例可能是插件系统。我可以定义一个插件对象,引用该类可以操作的某些对象,但不允许其他任何对象。它可能会使安全问题变得更加容易。[/编辑]

Is there a language which has a feature that can prevent a class accessing any other class, unless an instance or reference is contained?

isolated class Example {

    public Integer i;

    public void doSomething()
    {
        i = 5; // This is ok because i belongs to this class

        /*
         * This is forbidden because this class can only
         * access anything  contained within, nothing outside
         */
        System.out.println("This does not work.");
    }
}

[edit]An example use case might be a plugin system. I could define a plugin object with references to certain objects that class can manipulate, but nothing else is permissible. It could potentially make security concerns much easier.[/edit]

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

诠释孤独 2024-10-08 15:53:06

我不知道任何基于类的访问修饰符具有这种意图,但我相信访问修饰符无论如何都会被误导。

基于功能的安全性,或更具体地说,对象功能模型似乎就是您想要的。

http://en.wikipedia.org/wiki/Object-capability_model

基本思想是为了对一个对象做任何事情,你需要持有它的引用。保留引用,则无法访问。

全局事物(例如 System.out.println)和其他一些事物是语言的有问题的功能,因为任何人都可以在没有引用的情况下访问它们。

E 等语言或 google caja(用于 Javascript)等工具允许正确的对象能力模型。这是 JS 中的示例:

function Example(someObj) {

    this.someObj = someObj;

    this.doStuff() = function() {
        this.someObj.foo(); //allowed, we have been given a reference to it
        alert("foobar"); //caja may deny/proxy access to global "alert"
    }
}

I'm not aware of any class-based access modifiers with such intent, but I believe access modifiers to be misguided anyway.

Capability-based security or, more specifically, the object-capability model seems to be what you want.

http://en.wikipedia.org/wiki/Object-capability_model

The basic idea is that in order to do anything with an object, you need to hold a reference to it. Withhold the reference and no access is possible.

Global things (such as System.out.println) and a few other things are problematic features of a language, because anyone can access them without a reference.

Languages such as E, or tools like google caja (for Javascript) allow proper object-capability models. Here an example in JS:

function Example(someObj) {

    this.someObj = someObj;

    this.doStuff() = function() {
        this.someObj.foo(); //allowed, we have been given a reference to it
        alert("foobar"); //caja may deny/proxy access to global "alert"
    }
}
贵在坚持 2024-10-08 15:53:06

任何必须包含标题的语言都可能算在内:只要不包含任何标题即可。

但是,我敢打赌,没有任何语言明确禁止外部访问。有什么意义?如果你无法接触到外部世界,你就什么也做不了。而且,为什么对 Integer 的引用可以,但 System.out.println 却不行?

如果您澄清潜在的用例,我们可能可以更好地帮助您...

编辑您的编辑:

我认为您可能会去那里。

如果这是为了安全,那么从一开始就有缺陷。让我们检查一下:

class EvilCode {
    void DoNiceThings() {
        HardDrive.Format();
    }
}

我必须自愿在我的课程上放置关键字的动机是什么?我当然不会因为我很好,因为我不是!

需要考虑的一件事是,任何时候您加载不属于您自己的本机代码(在本例中,本机意味着未编写脚本),您都可能允许坏人运行他的代码。任何语言功能都无法保护您免受这种情况的影响。

正确的答案取决于您的目标语言。 Java 有安全描述符,.NET 允许您创建具有受限权限的 AppDomain,等等。不幸的是,我不是这些领域的专家。

Any language where you must include headers would probably count: Just don't include any headers.

However, I would wager that there's no language that explicitly forbids external access. What's the point? You can't do anything if you can't access the outside world. And, why would the reference to Integer be okay, but System.out.println not be?

If you clarify the potential use-case, we can probably help you better...

Edit for your Edit:

I thought you might be going there.

If this is for security, it's flawed from the start. Let's examine:

class EvilCode {
    void DoNiceThings() {
        HardDrive.Format();
    }
}

What incentive do I have to voluntarily place a keyword on my class? I'm certainly not going to because I'm nice, since I'm not!

One thing to consider is that any time you're loading native code that's not your own (native, in this case, means not scripted), you're potentially allowing a bad guy to run his code. No language features are going to protect you from that.

The proper answer depends on your target language. Java has Security descriptors, .NET lets you create AppDomains with restricted permissions, etc. Unfortunately, I'm not an expert in these fields.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文