The Artima Developer Community
Sponsored Link

Proxy Trust
A Conversation with Bob Scheifler, Part II
by Bill Venners
July 15, 2002

<<  Page 2 of 8  >>


Verifying a Proxy uses Local Code

Bob Scheifler: I can say, "Here is the object. What is its class? Is that a downloaded class or a local class relative to me?" If it is a local class, then I can decide whether I trust that class. You might decide all local classes are trustworthy, or maybe you have particular classes that you trust for these purposes. Nonetheless I can look at it, and if it is a local class that I understand I can decide whether or not I trust it.

I can then recursively look at the classes of all of the fields of the object. I can reflectively pull the object apart and do a graph walk of the complete proxy object and all of its subsidiary objects. I can determine if all of their classes are local. If they are local and the data looks good for those types of objects, then I might decide, OK, sure I trust this.

In effect, I have proven to myself that there is no downloaded code. So then I am back to the traditional case. I use local code I trust. There is no downloaded code involved. It might have looked like a downloaded object but, in fact, all of the code resolved locally. I can trust that because it is all local code. I know exactly what it will do. I just call through it.

That is the first stage. It is an interesting mechanism, but it doesn't actually deal with any downloaded code. So how do we deal with the downloaded code case? It sounds a little funny, but I will ask the service if the service trusts the proxy.

<<  Page 2 of 8  >>

Sponsored Links

Copyright © 1996-2018 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use