Add notes about security.

author: David Walter Seikel 2014-03-26 14:04:05 +1000
committer: David Walter Seikel 2014-03-26 14:04:05 +1000
commit: 5a81dfa853fe2a2d76e406a6cbbf94afb0e10bde (patch)
tree: 7bfb9d05a1a490545af55b1881262c3929d90a00 /ClientHamr
parent: White space redistribution. (diff)
download: SledjHamr-5a81dfa853fe2a2d76e406a6cbbf94afb0e10bde.zip
SledjHamr-5a81dfa853fe2a2d76e406a6cbbf94afb0e10bde.tar.gz
SledjHamr-5a81dfa853fe2a2d76e406a6cbbf94afb0e10bde.tar.bz2
SledjHamr-5a81dfa853fe2a2d76e406a6cbbf94afb0e10bde.tar.xz
1 files changed, 58 insertions, 0 deletions
diff --git a/ClientHamr/GuiLua/skang.lua b/ClientHamr/GuiLua/skang.lua
index e24523f..0ba16cb 100644
--- a/ClientHamr/GuiLua/skang.lua
+++ b/ClientHamr/GuiLua/skang.lua
@@ -465,6 +465,64 @@ end
 ]]
+--[[ security package
+Java skang could run as a stand alone applicion, as an applet in a web
+page, or as a servlet on a web server.  This was pretty much all
+transparent to the user.  The security system reflected that.  Lua skang
+wont run in web pages, but can still have client / server behaviour. 
+The general idea was, and still is, that the GUI is the client side (in
+web page, in extantz GUI) that sends values back to the server side
+(servlet, actual Lua package running as a separate process, or the world
+server for in world scripts).  Client side can request that server side
+runs commands.  Serevr side can send values and commands back to the
+client.  Mostly it all happenes automatically through the ACLs.
+Bouncer is the Java skang security manager, it extended the Java
+SecurityManager.  Lua has no such thing, though C code running stuff in
+a sandbox does a similar job.  Fascist is the Java security supervisor,
+again should go inot the C sandbox.
+Human is used for authenticating a human, Puter for authenticating a
+computer, Suits for corporate style authentication, and they all
+extended Who, the base authentication module.
+For now, I have no idea how this all translates into Lua, but putting
+this here for a reminder to think about security during the design
+stage.
+This is the old Java ACL definition -
+        acl - access control list.
+Owner is usually the person running the Thingspace.
+RWX~,---,Rwxgroup1,r--group2,r-xgroup3,rw-group4,--X~user1
+rwx~ is for the owner.  The second one is the default.  The rest are per group or per user.
+Capital letters mean that they get access from the network to.
+--- No access at all.
+RWX Full access.
+R-- Read only access.
+r-x Read and execute, but only locally.
+rw- Read and write a field, but don't execute a method.
+-w- A password.
+-a- An append only log file.
+-A- An append only log file on the server.
+Ri- read, but only set from init (ei. skinURL not set from properties or skang files).
+RI- As above, but applet.init() can set it too.
+--x Thing is both method and field, only execution of the method is allowed.
+--p Run as owner (Pretend).
+--P Run across the network as owner (can run in applet triggered by server).
+s-- Read only, but not even visible to applets.
+sss Only visible to servlets and applications.
+--S Send to servlet to execute if applet, otherwise execute normally.
+S-- Read only, but ignore local version and get it from server.
+ggg GUI Thing, only visible to Applets and applications.
+GGG GUI Thing, but servlets can access them across the net.
+For servlet only modules from an applet, the applet only loads the skanglet class, using it for all
+access to the module.
+]]
 -- Gotta check out this _ENV thing, 5.2 only.  Seems to replace the need for setfenv().  Seems like setfenv should do what we want, and is more backward compatible.
 --   "_ENV is not supported directly in 5.1, so its use can prevent a module from remaining compatible with 5.1.
 --   Maybe you can simulate _ENV with setfenv and trapping gets/sets to it via __index/__newindex metamethods, or just avoid _ENV."
author	David Walter Seikel	2014-03-26 14:04:05 +1000
committer	David Walter Seikel	2014-03-26 14:04:05 +1000
commit	5a81dfa853fe2a2d76e406a6cbbf94afb0e10bde (patch)
tree	7bfb9d05a1a490545af55b1881262c3929d90a00 /ClientHamr
parent	White space redistribution. (diff)
download	SledjHamr-5a81dfa853fe2a2d76e406a6cbbf94afb0e10bde.zip SledjHamr-5a81dfa853fe2a2d76e406a6cbbf94afb0e10bde.tar.gz SledjHamr-5a81dfa853fe2a2d76e406a6cbbf94afb0e10bde.tar.bz2 SledjHamr-5a81dfa853fe2a2d76e406a6cbbf94afb0e10bde.tar.xz

diff --git a/ClientHamr/GuiLua/skang.lua b/ClientHamr/GuiLua/skang.lua index e24523f..0ba16cb 100644 --- a/ClientHamr/GuiLua/skang.lua +++ b/ClientHamr/GuiLua/skang.lua
@@ -465,6 +465,64 @@ end
465	]]	465	]]
466		466
467		467
		468	--[[ security package
		469
		470	Java skang could run as a stand alone applicion, as an applet in a web
		471	page, or as a servlet on a web server. This was pretty much all
		472	transparent to the user. The security system reflected that. Lua skang
		473	wont run in web pages, but can still have client / server behaviour.
		474	The general idea was, and still is, that the GUI is the client side (in
		475	web page, in extantz GUI) that sends values back to the server side
		476	(servlet, actual Lua package running as a separate process, or the world
		477	server for in world scripts). Client side can request that server side
		478	runs commands. Serevr side can send values and commands back to the
		479	client. Mostly it all happenes automatically through the ACLs.
		480
		481	Bouncer is the Java skang security manager, it extended the Java
		482	SecurityManager. Lua has no such thing, though C code running stuff in
		483	a sandbox does a similar job. Fascist is the Java security supervisor,
		484	again should go inot the C sandbox.
		485
		486	Human is used for authenticating a human, Puter for authenticating a
		487	computer, Suits for corporate style authentication, and they all
		488	extended Who, the base authentication module.
		489
		490	For now, I have no idea how this all translates into Lua, but putting
		491	this here for a reminder to think about security during the design
		492	stage.
		493
		494
		495	This is the old Java ACL definition -
		496	acl - access control list.
		497	Owner is usually the person running the Thingspace.
		498	RWX~,---,Rwxgroup1,r--group2,r-xgroup3,rw-group4,--X~user1
		499	rwx~ is for the owner. The second one is the default. The rest are per group or per user.
		500	Capital letters mean that they get access from the network to.
		501	--- No access at all.
		502	RWX Full access.
		503	R-- Read only access.
		504	r-x Read and execute, but only locally.
		505	rw- Read and write a field, but don't execute a method.
		506	-w- A password.
		507	-a- An append only log file.
		508	-A- An append only log file on the server.
		509	Ri- read, but only set from init (ei. skinURL not set from properties or skang files).
		510	RI- As above, but applet.init() can set it too.
		511	--x Thing is both method and field, only execution of the method is allowed.
		512	--p Run as owner (Pretend).
		513	--P Run across the network as owner (can run in applet triggered by server).
		514	s-- Read only, but not even visible to applets.
		515	sss Only visible to servlets and applications.
		516	--S Send to servlet to execute if applet, otherwise execute normally.
		517	S-- Read only, but ignore local version and get it from server.
		518	ggg GUI Thing, only visible to Applets and applications.
		519	GGG GUI Thing, but servlets can access them across the net.
		520
		521	For servlet only modules from an applet, the applet only loads the skanglet class, using it for all
		522	access to the module.
		523	]]
		524
		525
468	-- Gotta check out this _ENV thing, 5.2 only. Seems to replace the need for setfenv(). Seems like setfenv should do what we want, and is more backward compatible.	526	-- Gotta check out this _ENV thing, 5.2 only. Seems to replace the need for setfenv(). Seems like setfenv should do what we want, and is more backward compatible.
469	-- "_ENV is not supported directly in 5.1, so its use can prevent a module from remaining compatible with 5.1.	527	-- "_ENV is not supported directly in 5.1, so its use can prevent a module from remaining compatible with 5.1.
470	-- Maybe you can simulate _ENV with setfenv and trapping gets/sets to it via __index/__newindex metamethods, or just avoid _ENV."	528	-- Maybe you can simulate _ENV with setfenv and trapping gets/sets to it via __index/__newindex metamethods, or just avoid _ENV."