Michael Stone
2008-04-17 21:21:06 UTC
The P_DOCUMENT/P_DOCUMENT_RO protections are unimplemented at present.
This means that there are no access checks at all in the datastore. For
the time being, you can read and write any entries you like. :(
Someday, we will add access checks to the datastore and we will teach
Rainbow to keep track, for each instance, of which documents the user
wants to permit access for. This isn't terribly hard to do well enough
for a demo but making it good enough to deploy is beyond my available
time for the immediate future. If this subject interests you, feel free
to ping me for my thoughts on how to do it (or, even better, to step up
with your own patches!)
Once access checks and state management are in place, instances will
only be able to read DS objects that they are resumed with. They will
only be able to write to DS objects that they are resumed with or that
they are creating for the first time. It is at this point that
P_DOCUMENT and P_DOCUMENT_RO need to be sketched out well enough for
continued development. Then, once we get that working, we could
reasonably consider whether to deploy the "DS access checks feature"
since benign activities would then be less able to screw with the DS if
they were subverted.
Michael
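
A sketch of the rule described in the message above, as an added example; it is not Rainbow or datastore code and was not written by the message's author. The class, method and instance names are hypothetical. Two things are assumptions: that P_DOCUMENT_RO would correspond to a read-only grant, and that a newly created object stays writable by its creator but is not readable until it is resumed.

```python
# Added sketch, not Rainbow or datastore code; every name here is hypothetical.
import uuid


class AccessDenied(Exception):
    pass


class GuardedDatastore:
    """Datastore wrapper that checks each read/write against per-instance state."""

    def __init__(self):
        self._objects = {}   # object id -> bytes
        self._readable = {}  # instance id -> object ids it may read
        self._writable = {}  # instance id -> object ids it may write

    def resume(self, instance, object_id, read_only=False):
        """Called by the launcher (Rainbow's role) when the user resumes an object."""
        if object_id not in self._objects:
            raise KeyError(object_id)
        self._readable.setdefault(instance, set()).add(object_id)
        if not read_only:  # assumption: P_DOCUMENT_RO would map to read_only=True
            self._writable.setdefault(instance, set()).add(object_id)

    def create(self, instance, data):
        """The store picks the id, so an instance cannot 'create' over an old entry."""
        object_id = uuid.uuid4().hex
        self._objects[object_id] = bytes(data)
        # Assumption: the creator may keep writing; reading needs a later resume.
        self._writable.setdefault(instance, set()).add(object_id)
        return object_id

    def read(self, instance, object_id):
        # Unknown ids are denied the same way, so denial does not reveal existence.
        if object_id not in self._readable.get(instance, ()):
            raise AccessDenied("read %s by %s" % (object_id, instance))
        return self._objects[object_id]

    def write(self, instance, object_id, data):
        if object_id not in self._writable.get(instance, ()):
            raise AccessDenied("write %s by %s" % (object_id, instance))
        self._objects[object_id] = bytes(data)


def allowed(call, *args):
    """Return True if the datastore call succeeds, False if it is denied."""
    try:
        call(*args)
        return True
    except AccessDenied:
        return False
```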