From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Derived private interface
Date: Mon, 1 Aug 2011 12:12:32 +0200
Date: 2011-08-01T12:12:32+02:00 [thread overview]
Message-ID: <1rlxo1uthv5xt.1agapd9q0mek4$.dlg@40tude.net> (raw)
In-Reply-To: j15rnq$vma$2@dont-email.me
On Mon, 01 Aug 2011 11:30:33 +0200, Alex R. Mosteo wrote:
> Simon Wright wrote:
>
>> "Randy Brukardt" <randy@rrsoftware.com> writes:
>>
>>> "Simon Wright" <simon@pushface.org> wrote in message
>>> news:m2sjpp4mar.fsf@pushface.org...
>>>> "Randy Brukardt" <randy@rrsoftware.com> writes:
>>>>
>>>>> The design was driven by an extra-paranoid approach to security: if
>>>>> the server had any way for a URL to execute foreign code (a
>>>>> plug-in), then it is highly likely that an attacker would find a way
>>>>> to use buggy URL to execute some foreign code of their choice. Thus
>>>>> the ability to execute foreign code is not provided at all -- all
>>>>> handlers have to compiled into the web server. (Combined with Ada's
>>>>> near prevention of buffer overflows and stack attacks, the two most
>>>>> common vectors of the time were firmly plugged. Of course, traversal
>>>>> prevention and sanitization of parameters still have to be
>>>>> accomplished -- there is no silver bullet to security.) Once you've
>>>>> done that, there isn't much benefit to an OOP approach, since you
>>>>> have to enumerate all of the handlers somewhere in any case.
>>>>
>>>> Interesting. I'd have thought that "implementing the server using
>>>> OOP" and "not providing plugin facilities" were quite separate
>>>> things. The OOP approach could, I suppose, be thought of as a way to
>>>> provide you (Randy) with plugin facilities, but not attackers!
>>>
>>> The root of the problem is that Ada 95 had no way to create a factory
>>> short of writing a giant case statement. That's annoying but OK if you
>>> have a complex interface with many operations to implement. However,
>>> the web server only has a single interface ("here's a URL and a
>>> socket, write the result to the socket"). So there is no advantage to
>>> having a separate case statement in the factory - that would just add
>>> complexity. (The output to the socket has many helper routines in
>>> order to make it easier to write the correct formats, but in any case
>>> the output is nearly free-form text and there is no obvious advantage
>>> to any extensions there.)
>>>
>>> Even in Ada 2005 (which has somewhat better support for factories),
>>> you still have to "with" all of the units involved. It isn't much
>>> harder to write calls into a case statement (especially given the
>>> simplity of the interface).
>>
>> In my EWS (https://sourceforge.net/projects/embed-web-srvr/) there are
>> two 'classes' of response, Static and Dynamic. For static responses, the
>> page to be returned is fixed, and is baked in at build time. For dynamic
>> responses, I have a function
>>
>> type Creator
>> is access function (From_Request : HTTP.Request_P)
>> return Dynamic_Response'Class;
>>
>> and a means of registering Creators
>>
>> procedure Register (The_Creator : Creator; For_The_URL : HTTP.URL);
>>
>> ('URL' isn't quite right, it's the 'abs_path [ "?" query ]' part of an
>> HTTP URL, eg /embed-web-srvr/ in the URL above).
>>
>> For_The_URL is really a String, and the result of registration is
>> effectively a run-time factory. But no case statements!
>
> I have done basically the same for my component-based robotic library, but
> still you have to /with/ all the units you want and call the register
> procedure...
You have not. The procedure Register is called from the body of the package
that provides an implementation. It adds an entry into the global map id ->
object constructor. The object factory sees only this map, it need not to
with any implementations. This is the way I implement persistency layers.
BTW, Generic_Dispatching_Constructor of Ada 2005 did not change much to Ada
95 because of tags. You still need a registering layer to maintain external
name to tag mapping.
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2011-08-01 10:12 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-05 3:14 Derived private interface Rego, P.
2011-07-05 5:10 ` AdaMagica
2011-07-06 2:24 ` Rego, P.
2011-07-06 4:34 ` AdaMagica
2011-07-06 7:55 ` Georg Bauhaus
2011-07-06 8:30 ` AdaMagica
2011-07-06 12:59 ` Georg Bauhaus
2011-07-06 13:23 ` AdaMagica
2011-07-06 19:06 ` Randy Brukardt
2011-07-06 13:28 ` Simon Wright
2011-07-06 19:45 ` Randy Brukardt
2011-07-06 22:05 ` Georg Bauhaus
2011-07-06 23:56 ` Adam Beneschan
2011-07-07 14:09 ` Georg Bauhaus
2011-07-07 15:10 ` Adam Beneschan
2011-07-08 4:29 ` AdaMagica
2011-07-08 19:08 ` Randy Brukardt
2011-07-08 19:12 ` Randy Brukardt
2011-07-07 15:19 ` Georg Bauhaus
2011-07-07 10:37 ` Stephen Leake
2011-07-07 13:18 ` Georg Bauhaus
2011-07-08 19:23 ` Randy Brukardt
2011-07-08 21:41 ` Jeffrey Carter
2011-07-09 6:14 ` Dmitry A. Kazakov
2011-07-22 22:59 ` Randy Brukardt
2011-07-23 7:30 ` Jeffrey Carter
2011-07-23 9:29 ` Maciej Sobczak
2011-07-23 10:07 ` Dmitry A. Kazakov
2011-07-26 21:04 ` Randy Brukardt
2011-07-26 23:43 ` Jeffrey Carter
2011-07-27 23:56 ` Randy Brukardt
2011-07-28 0:18 ` Jeffrey Carter
2011-07-28 10:06 ` Maciej Sobczak
2011-07-28 23:24 ` Randy Brukardt
2011-07-29 6:45 ` Simon Wright
2011-07-30 0:04 ` Randy Brukardt
2011-07-30 6:32 ` Simon Wright
2011-08-01 9:30 ` Alex R. Mosteo
2011-08-01 10:12 ` Dmitry A. Kazakov [this message]
2011-08-01 21:56 ` Randy Brukardt
2011-08-02 10:03 ` Dmitry A. Kazakov
2011-08-02 21:16 ` Randy Brukardt
2011-08-03 9:01 ` Dmitry A. Kazakov
2011-08-03 20:16 ` Randy Brukardt
2011-08-04 8:15 ` Dmitry A. Kazakov
2011-08-09 21:10 ` Maciej Sobczak
2011-08-09 21:35 ` Randy Brukardt
2011-08-10 9:11 ` Dmitry A. Kazakov
2011-08-10 21:56 ` Randy Brukardt
2011-08-11 8:07 ` Dmitry A. Kazakov
2011-08-12 4:52 ` Randy Brukardt
2011-08-12 8:54 ` Dmitry A. Kazakov
2011-08-10 10:07 ` Maciej Sobczak
2011-08-10 11:26 ` Georg Bauhaus
2011-08-10 22:27 ` Randy Brukardt
2011-08-10 22:21 ` Randy Brukardt
2011-08-11 13:50 ` Maciej Sobczak
2011-08-12 4:43 ` Randy Brukardt
2011-08-12 7:00 ` Maciej Sobczak
2011-08-12 21:59 ` Randy Brukardt
2011-07-06 15:06 ` Adam Beneschan
2011-07-06 16:36 ` Dmitry A. Kazakov
2011-07-06 19:20 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox