Welcome!

Open Source Authors: Hovhannes Avoyan, Al Mannarino, Christopher Keene, Anatoly Krivitsky, Suresh Krishna Madhuvarsu

Related Topics: Websphere, AJAX & REA

Websphere: Article

Douglas Crockford on JavaScript Security: Durable Objects

Durable objects can perfectly guard their state by using a variation of the Module Pattern
By Douglas Crockford
Article Rating:
June 4, 2008 10:15 PM EDT
Reads:
 5,099
Yahoo! User Interface Blog

Cooperating applications, such as mashups, must be able to exchange objects with robust interfaces. An object must be able to encapsulate its state such that the state can be modified only as permitted by its own methods. JavaScript’s objects are soft and currently the language does not include any means to harden them, so an attacker can easily access the fields directly and replace the methods with his own.

Fortunately, JavaScript provides the means to construct durable objects that can perfectly guard their state by using a variation of the Module Pattern. You’ll recall that the Module Pattern makes it possible to make an object with privileged methods. Privileged methods are able to access the private state of the constructor’s closure. By adding one simple rule, we can easily generate secure objects:
A durable object contains no visible data members, and its methods use neither this nor that.
This is a template for a durable constructor: function durable(parameters) {     var that = {} or the product of another durable constructor;     var private variables;     function method() {         …     }     that.method = method;return that; } Define all of your methods as private methods. The methods you choose to expose to the public get copied into that.

None of the functions defined or inherited make use of that or this. We can give the object created by the durable constructor to untrusted code. That code will be unable to get direct access to the private state. It can replace the methods with its own methods, but that only reduces the usefulness of the object to the attacker. It does not weaken or confuse the object. Each method is a capability. The object is just a collection of capabilities.

Durable objects allow code from multiple (possibly untrusted) parties to cooperate. Durable objects can be expressed in a safe subset of JavaScript, such as ADsafe or Cajita.


[This appeared originally here and is republished by kind permission of the author, who retains copyright.]

Published June 4, 2008 – Reads 5,099
Copyright © 2008 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Douglas Crockford

Douglas Crockford, an architect at Yahoo!, is an AJAXWorld regular. A technologist of parts, he has developed office automation systems, done research in games and music at Atari, and been both Director of Technology at Lucasfilm and Director of New Media at Paramount. He was the founder and CEO of Electric Communities/Communities.com and the founder and CTO of State Software, where he discovered JSON. He is interested in Blissymbolics, a graphical, symbolic language, and is developing a secure programming language.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.