Comments on: Durable Objects http://www.yuiblog.com/blog/2008/05/24/durable-objects/ The official blog of the YUI Project. Thu, 09 Feb 2012 01:46:52 +0000 hourly 1 http://wordpress.org/?v=3.0.4 By: Javascript silo proposals « captain holly java blog http://www.yuiblog.com/blog/2008/05/24/durable-objects/comment-page-1/#comment-589833 Javascript silo proposals « captain holly java blog Fri, 26 Mar 2010 03:18:14 +0000 http://yuiblog.com/blog/2008/05/24/durable-objects/#comment-589833 [...] This article carries this idea further to create “Durable” objects — objects that, even though they have publicly accessible methods cannot have them switched out by another script. [...] [...] This article carries this idea further to create “Durable” objects — objects that, even though they have publicly accessible methods cannot have them switched out by another script. [...]

]]> By: Douglas Crockford http://www.yuiblog.com/blog/2008/05/24/durable-objects/comment-page-1/#comment-388074 Douglas Crockford Mon, 02 Jun 2008 19:22:35 +0000 http://yuiblog.com/blog/2008/05/24/durable-objects/#comment-388074 Billy, Suppose you have a method C that calls this.A and this.B. If an attacker replaces your methods with his, then C will be compromised. Function C would be vulnerable if it used this. Rytis, Inheritance is obtained by calling another durable constructor. var that = another_constructor(); Billy,

Suppose you have a method C that calls this.A and this.B. If an attacker replaces your methods with his, then C will be compromised. Function C would be vulnerable if it used this.

Rytis,

Inheritance is obtained by calling another durable constructor.

var that = another_constructor();

]]> By: James Norton http://www.yuiblog.com/blog/2008/05/24/durable-objects/comment-page-1/#comment-384694 James Norton Thu, 29 May 2008 11:21:34 +0000 http://yuiblog.com/blog/2008/05/24/durable-objects/#comment-384694 I agree with Billy, what is the difference between what you propose and instantiating an instance of a constructor with private members? I agree with Billy, what is the difference between what you propose and instantiating an instance of a constructor with private members?

]]> By: Rytis Daugirdas http://www.yuiblog.com/blog/2008/05/24/durable-objects/comment-page-1/#comment-384135 Rytis Daugirdas Wed, 28 May 2008 16:12:28 +0000 http://yuiblog.com/blog/2008/05/24/durable-objects/#comment-384135 But what about inheritance? How would you inherit properties/methods from another "durable" object? But what about inheritance? How would you inherit properties/methods from another “durable” object?

]]> By: Billy Reisinger http://www.yuiblog.com/blog/2008/05/24/durable-objects/comment-page-1/#comment-384064 Billy Reisinger Wed, 28 May 2008 13:24:36 +0000 http://yuiblog.com/blog/2008/05/24/durable-objects/#comment-384064 Douglas, What exactly is the difference between what you outlined in the original article, specifically returning "that", and doing this? <code> var Durable = function() { var a = 2; var b = 4; this.getA = function() { return a; } this.getB = function() { return b; } } </code> TIA, Billy Douglas,
What exactly is the difference between what you outlined in the original article, specifically returning “that”, and doing this?

var Durable = function() {
var a = 2;
var b = 4;
this.getA = function() {
return a;
}
this.getB = function() {
return b;
}
}

TIA,
Billy

]]> By: Douglas Crockford http://www.yuiblog.com/blog/2008/05/24/durable-objects/comment-page-1/#comment-382423 Douglas Crockford Sun, 25 May 2008 23:03:22 +0000 http://yuiblog.com/blog/2008/05/24/durable-objects/#comment-382423 There are no private methods in the prototype. All members, including all methods, are public. There are no private methods in the prototype. All members, including all methods, are public.

]]> By: Simon http://www.yuiblog.com/blog/2008/05/24/durable-objects/comment-page-1/#comment-382419 Simon Sun, 25 May 2008 22:58:04 +0000 http://yuiblog.com/blog/2008/05/24/durable-objects/#comment-382419 Is there any mechanism for protecting private methods defined on the prototype of an object? Is there any mechanism for protecting private methods defined on the prototype of an object?

]]> By: Joey Hurst http://www.yuiblog.com/blog/2008/05/24/durable-objects/comment-page-1/#comment-382197 Joey Hurst Sun, 25 May 2008 15:55:07 +0000 http://yuiblog.com/blog/2008/05/24/durable-objects/#comment-382197 Douglas: Thanks for the reply. Re Kerckhoffs' Principle: definitely agree. I should have chosen the variable name "secret" more carefully, perhaps calling it "private," or simply "state." The point was that one has to be careful not to expose references to private variables by one means or another, as this will allow a third party to manipulate the durable object's state directly. As you mentioned, projects like Caja and ADSafe can address (pun intended) these additional concerns. Douglas: Thanks for the reply.

Re Kerckhoffs’ Principle: definitely agree.

I should have chosen the variable name “secret” more carefully, perhaps calling it “private,” or simply “state.” The point was that one has to be careful not to expose references to private variables by one means or another, as this will allow a third party to manipulate the durable object’s state directly. As you mentioned, projects like Caja and ADSafe can address (pun intended) these additional concerns.

]]> By: Douglas Crockford http://www.yuiblog.com/blog/2008/05/24/durable-objects/comment-page-1/#comment-382180 Douglas Crockford Sun, 25 May 2008 15:08:43 +0000 http://yuiblog.com/blog/2008/05/24/durable-objects/#comment-382180 Peter, Your security cannot depend on your global variables if the attacker has access to your global variables, including your global functions and constructors. An attacker can trivially replace your functions with his. Try your attack under ADsafe. The attacker does not get access to your global durable function. The attacker does not get access to the DOM so he cannot examine the script tags. The attacker does get access to the ADSAFE object which could contain functions that facilitate interwidget communication, including the exchange of durable objects. Peter,

Your security cannot depend on your global variables if the attacker has access to your global variables, including your global functions and constructors. An attacker can trivially replace your functions with his.

Try your attack under ADsafe. The attacker does not get access to your global durable function. The attacker does not get access to the DOM so he cannot examine the script tags. The attacker does get access to the ADSAFE object which could contain functions that facilitate interwidget communication, including the exchange of durable objects.

]]> By: Douglas Crockford http://www.yuiblog.com/blog/2008/05/24/durable-objects/comment-page-1/#comment-382133 Douglas Crockford Sun, 25 May 2008 13:40:02 +0000 http://yuiblog.com/blog/2008/05/24/durable-objects/#comment-382133 The Kerckhoffs's Principle tells us that we should not be putting secrets in the source of the programs, and we should not be inconvenienced by the enemy reading the source of our programs. The Kerckhoffs’s Principle tells us that we should not be putting secrets in the source of the programs, and we should not be inconvenienced by the enemy reading the source of our programs.

]]>