[5836] in www-talk@info.cern.ch
Re: Forms support in clients
daemon@ATHENA.MIT.EDU (Nathaniel Borenstein)
Tue Sep 27 07:39:53 1994
Date: Tue, 27 Sep 1994 12:37:17 +0100
Errors-To: listmaster@www0.cern.ch
Errors-To: listmaster@www0.cern.ch
Reply-To: nsb@nsb.fv.com
From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Excerpts from www-talk: 27-Sep-94 Re: Forms support in clients Karl
Auerbach@cavebear.c (1137)
> We are finding security to be a real tough nut to crack. In our
> definition, programs can create yet more programs on other machines.
> It's necessary to add mechanisms to keep track of chains of privilege
> and prevent mutations, etc. simply having a "safe" execution
> environment isn't enough if it is possible to establish a collection
> of interacting machines which is not also "safe".
> I suspect before we get into picking a language we really ought to
> cogitate for a while and try to understant how much power we want to
> put into smart documents.
Yes, a very tough nut to crack. I'm glad to hear you say it, actually
-- I spent five years of my life working on this problem, I'm glad to
hear it isn't actually trivial!
I suggest that you might want to read my CSCW 92 paper on the ATOMICMAIL
language. This was a predecessor of Safe-Tcl, now defunct, but was
based on your beloved LISP syntax. You might find some of the security
problems in a safe LISP variant were already addressed in that work.
For my part, spending several years building a safe LISP variant was one
of the things that convinced me that Tcl was a far more appropriate
language model for this sort of thing. -- Nathaniel
