From: "Alex R. Mosteo" <alejandro@mosteo.invalid>
Subject: Re: Derived private interface
Date: Mon, 01 Aug 2011 11:30:33 +0200
Date: 2011-08-01T11:30:33+02:00 [thread overview]
Message-ID: <j15rnq$vma$2@dont-email.me> (raw)
In-Reply-To: m2fwlo46tm.fsf@pushface.org
Simon Wright wrote:
> "Randy Brukardt" <randy@rrsoftware.com> writes:
>
>> "Simon Wright" <simon@pushface.org> wrote in message
>> news:m2sjpp4mar.fsf@pushface.org...
>>> "Randy Brukardt" <randy@rrsoftware.com> writes:
>>>
>>>> The design was driven by an extra-paranoid approach to security: if
>>>> the server had any way for a URL to execute foreign code (a
>>>> plug-in), then it is highly likely that an attacker would find a way
>>>> to use buggy URL to execute some foreign code of their choice. Thus
>>>> the ability to execute foreign code is not provided at all -- all
>>>> handlers have to compiled into the web server. (Combined with Ada's
>>>> near prevention of buffer overflows and stack attacks, the two most
>>>> common vectors of the time were firmly plugged. Of course, traversal
>>>> prevention and sanitization of parameters still have to be
>>>> accomplished -- there is no silver bullet to security.) Once you've
>>>> done that, there isn't much benefit to an OOP approach, since you
>>>> have to enumerate all of the handlers somewhere in any case.
>>>
>>> Interesting. I'd have thought that "implementing the server using
>>> OOP" and "not providing plugin facilities" were quite separate
>>> things. The OOP approach could, I suppose, be thought of as a way to
>>> provide you (Randy) with plugin facilities, but not attackers!
>>
>> The root of the problem is that Ada 95 had no way to create a factory
>> short of writing a giant case statement. That's annoying but OK if you
>> have a complex interface with many operations to implement. However,
>> the web server only has a single interface ("here's a URL and a
>> socket, write the result to the socket"). So there is no advantage to
>> having a separate case statement in the factory - that would just add
>> complexity. (The output to the socket has many helper routines in
>> order to make it easier to write the correct formats, but in any case
>> the output is nearly free-form text and there is no obvious advantage
>> to any extensions there.)
>>
>> Even in Ada 2005 (which has somewhat better support for factories),
>> you still have to "with" all of the units involved. It isn't much
>> harder to write calls into a case statement (especially given the
>> simplity of the interface).
>
> In my EWS (https://sourceforge.net/projects/embed-web-srvr/) there are
> two 'classes' of response, Static and Dynamic. For static responses, the
> page to be returned is fixed, and is baked in at build time. For dynamic
> responses, I have a function
>
> type Creator
> is access function (From_Request : HTTP.Request_P)
> return Dynamic_Response'Class;
>
> and a means of registering Creators
>
> procedure Register (The_Creator : Creator; For_The_URL : HTTP.URL);
>
> ('URL' isn't quite right, it's the 'abs_path [ "?" query ]' part of an
> HTTP URL, eg /embed-web-srvr/ in the URL above).
>
> For_The_URL is really a String, and the result of registration is
> effectively a run-time factory. But no case statements!
I have done basically the same for my component-based robotic library, but
still you have to /with/ all the units you want and call the register
procedure... Still, I find this sufficiently neat (you don't have to edit
any central piece of code (besides the main procedure, but that's OK to me
--you're expressing your necessities there).
next prev parent reply other threads:[~2011-08-01 9:30 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-05 3:14 Derived private interface Rego, P.
2011-07-05 5:10 ` AdaMagica
2011-07-06 2:24 ` Rego, P.
2011-07-06 4:34 ` AdaMagica
2011-07-06 7:55 ` Georg Bauhaus
2011-07-06 8:30 ` AdaMagica
2011-07-06 12:59 ` Georg Bauhaus
2011-07-06 13:23 ` AdaMagica
2011-07-06 19:06 ` Randy Brukardt
2011-07-06 13:28 ` Simon Wright
2011-07-06 19:45 ` Randy Brukardt
2011-07-06 22:05 ` Georg Bauhaus
2011-07-06 23:56 ` Adam Beneschan
2011-07-07 14:09 ` Georg Bauhaus
2011-07-07 15:10 ` Adam Beneschan
2011-07-08 4:29 ` AdaMagica
2011-07-08 19:08 ` Randy Brukardt
2011-07-08 19:12 ` Randy Brukardt
2011-07-07 15:19 ` Georg Bauhaus
2011-07-07 10:37 ` Stephen Leake
2011-07-07 13:18 ` Georg Bauhaus
2011-07-08 19:23 ` Randy Brukardt
2011-07-08 21:41 ` Jeffrey Carter
2011-07-09 6:14 ` Dmitry A. Kazakov
2011-07-22 22:59 ` Randy Brukardt
2011-07-23 7:30 ` Jeffrey Carter
2011-07-23 9:29 ` Maciej Sobczak
2011-07-23 10:07 ` Dmitry A. Kazakov
2011-07-26 21:04 ` Randy Brukardt
2011-07-26 23:43 ` Jeffrey Carter
2011-07-27 23:56 ` Randy Brukardt
2011-07-28 0:18 ` Jeffrey Carter
2011-07-28 10:06 ` Maciej Sobczak
2011-07-28 23:24 ` Randy Brukardt
2011-07-29 6:45 ` Simon Wright
2011-07-30 0:04 ` Randy Brukardt
2011-07-30 6:32 ` Simon Wright
2011-08-01 9:30 ` Alex R. Mosteo [this message]
2011-08-01 10:12 ` Dmitry A. Kazakov
2011-08-01 21:56 ` Randy Brukardt
2011-08-02 10:03 ` Dmitry A. Kazakov
2011-08-02 21:16 ` Randy Brukardt
2011-08-03 9:01 ` Dmitry A. Kazakov
2011-08-03 20:16 ` Randy Brukardt
2011-08-04 8:15 ` Dmitry A. Kazakov
2011-08-09 21:10 ` Maciej Sobczak
2011-08-09 21:35 ` Randy Brukardt
2011-08-10 9:11 ` Dmitry A. Kazakov
2011-08-10 21:56 ` Randy Brukardt
2011-08-11 8:07 ` Dmitry A. Kazakov
2011-08-12 4:52 ` Randy Brukardt
2011-08-12 8:54 ` Dmitry A. Kazakov
2011-08-10 10:07 ` Maciej Sobczak
2011-08-10 11:26 ` Georg Bauhaus
2011-08-10 22:27 ` Randy Brukardt
2011-08-10 22:21 ` Randy Brukardt
2011-08-11 13:50 ` Maciej Sobczak
2011-08-12 4:43 ` Randy Brukardt
2011-08-12 7:00 ` Maciej Sobczak
2011-08-12 21:59 ` Randy Brukardt
2011-07-06 15:06 ` Adam Beneschan
2011-07-06 16:36 ` Dmitry A. Kazakov
2011-07-06 19:20 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox