r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

[!REBOL3]

BrianH
8-Apr-2011
[7830]
Sorry, I meant #1806.
GrahamC
9-Apr-2011
[7831x2]
Where exactly is one supposed to store user specific data for scripts 
eg. userid and passwords
for esmtp etc
Kaj
9-Apr-2011
[7833]
We've talked about it before. It isn't defined yet
GrahamC
9-Apr-2011
[7834]
Is this something we can define then?  Reach a concensus?
Kaj
9-Apr-2011
[7835]
Probably
GrahamC
9-Apr-2011
[7836x2]
Anyone with a suitable suggestion?
I'm suggesting a couple of wrapper functions to return userid and 
password etc so that these can be changed if the store system changes
Kaj
9-Apr-2011
[7838]
That's a good principle
BrianH
9-Apr-2011
[7839x2]
The only consensus we reached was that %user.r would be a good place 
to store preferences, and that it should only store data. Executable 
code would be prohibited in %user.r, and screened for. But we never 
started the discussion of how the preference data would be formatted 
or managed.
The no-executable-code thing is a security issue. R2's treatment 
of %rebol.r and %user.r is a big hole.
GrahamC
9-Apr-2011
[7841x2]
So, do we have a plan .. ??
Andreas is collecting blocks ..
BrianH
9-Apr-2011
[7843x7]
These settings shouldn't go into system/user in R3, they should go 
in system/options/user. The system object will be task-specific, 
but the options are probably going to be global. And system/options/user 
might best be a map!, with categorized options in sub- maps, blocks 
or objects, depending on the situation. Or better yet just sub-maps, 
with the serialized preferences in blocks of name-value pairs so 
they can be parsed, and converted to maps at runtime.
system/options/user: make map! [
    category1 #[map! [
        option1 "value1"
        ...
    ]
    ...
]
Two-level category-options, and then the values could be any type 
you want. Screen thoroughly for evil values.
The %user.r serialization of this data should be human-writeable 
and loaded with LOAD, not DO.
The advantage to serializing directly in SAVE/all form is speed. 
The disadvantages are:

- The preferences file would be uglier to write by hand than block 
form.

- You would have to screen with ASSERT/type in FOREACH instead of 
PARSE.
But the slowness of validating would be offset by the speed of loading 
and saving, so it might be worth it.
Another disadvantage is that loading errors are currently harder 
to recover from with serialized constructors than they are with normal 
literal values like blocks. There's a ticket about this already. 
However, if you are loading the entire preference file in one go 
and just catching the error with TRY, there's no difference in the 
error handling.
Ladislav
10-Apr-2011
[7850x6]
The only consensus we reached was that %user.r would be a good place 
to store preferences, and that it should only store data. Executable 
code would be prohibited in %user.r, and screened for.
 - frankly, that decision never made sense to me.
In my opinion, it is not more secure at all.
...and I am afraid, that it is not hard to prove
...serialized constructors...
 - For me, the terminology is quite unfortunate, because

     "1 2"

is not "more serialized" than

    "#[false] #[true]"


I still do not understand, why it is so important to pretend the 
opposite.
Such an approach just leads to bugs.
Instead of saying 'not "more serialized"', I should have said 'not 
"more or less serialized"'
Reichart
10-Apr-2011
[7856]
Interesting point.  I would suspect the goal is to have the first, 
or top level be "code free", such that it is just settings.

But then, if you "want" you can call upon other files that contain 
code.

As a concept it sounds smart, which is unrelated to the reality that 
it might not be possible.

So, "is it" possible.
BrianH
10-Apr-2011
[7857x3]
Serialized constructors as opposed to serialized values. I used the 
"constructors" term to emhpasize the difference because the important 
distinction in that statement is the additional code that those constructions 
run in the loading process, beyond that in TRANSCODE itself. See 
http://issue.cc/r3/1857for the bug in question.
The security issue is to not have a file that is done automatically 
be writeable using the same permissions that the scripts are run 
under. It's a way to prevent worms.
The real distinction is between serialized constructors: #[map! [a 
1]]

and programmatic constructors that you have to DO: make map! [a 1]
Ladislav
10-Apr-2011
[7860x2]
The security issue is to not have a file that is done automatically 
be writeable using the same permissions that the scripts are run 
under.

- I do not have any problem to agree with that. But, in my opinion, 
this does not require to ban files, that are done automatically. 
Rather, we should make it possible to define special rights for such 
files.
real distinction is between serialized constructors: #[map! [a 1]]...

 - in my opinion, these are not "constructors" for REBOL programmers, 
 since they cannot define them
BrianH
10-Apr-2011
[7862x2]
Not at the OS level. We can only define permissions within REBOL 
itself, not permissions when it isn't running. And REBOL doesn't 
have any facility for user-specific permissions.
Ladislav, REBOL programmers can't define constructors, but they are 
still constructors. We can't define MAKE behavior either (until we 
get user-defined types).
Ladislav
10-Apr-2011
[7864]
as said, for me the formulation: "...a file that is done automatically 
be writeable using the same permissions that the scripts are run 
under..." is substantial, and it can be done, as far as I know.
BrianH
10-Apr-2011
[7865]
Technically, the #[map! []] syntax is not a constructor itself, it 
merely calls a constructor :)
Andreas
10-Apr-2011
[7866]
The security issue is to not have a file that is done automatically 
be writeable using the same permissions that the scripts are run 
under.

sorry, i don't get that. could you try reformulate the problem?
Ladislav
10-Apr-2011
[7867x2]
REBOL programmers can't define constructors, but they are still constructors
 - technically not, since they are not definable
The definability is a property that is used to explain what a constructor 
is.
BrianH
10-Apr-2011
[7869]
Being defineable doesn't make it a constructor. Constructing something 
does.
Ladislav
10-Apr-2011
[7870x2]
OK, my opinion:


The user does neither "see" nor is able to define any constructors. 
What you are referring to are some syntactic constructs, that are 
not constructors at all.
The difference between #[map! [...]] and a constructor is roughly 
the same as the difference between a constructor, and a list of arguments 
given to the constructor, when a constructor is called - it is a 
totally different thing.
BrianH
10-Apr-2011
[7872]
I am talking about the code that is called when those syntactic constructs 
are loaded, which is type-specific and constructs a value of that 
type. REBOL types have 3 builtin constructors (#[type ...], MAKE 
and TO). The user can't create new constructors because the user 
can't create new types.
Ladislav
10-Apr-2011
[7873]
For me, it is just a mess, the "serialized constructors" don't exist 
at all.
BrianH
10-Apr-2011
[7874]
And #1857 indicates that the #[type ...] constructors are seperate 
code from TRANSCODE, and called by it.
Ladislav
10-Apr-2011
[7875]
...and it surely does not make sense to call #[map! [...]] a "serialized 
constructor" - it is just a syntactic "construct" used as data by 
something.
BrianH
10-Apr-2011
[7876]
Quoting myself from above: "Technically, the #[map! []] syntax is 
not a constructor itself, it merely calls a constructor :)"
Ladislav
10-Apr-2011
[7877x2]
It clearly does not correspond to the definition of the "constructor"
That is why I am not a fan of using such a terminological mess
BrianH
10-Apr-2011
[7879]
But using them counts (indirectly) as using constructors.