https://panoptic.com/mediawiki/aolserver/index.php?action=history&feed=atom&title=Talk%3AAOLserver_Improvement_ProposalsTalk:AOLserver Improvement Proposals - Revision history2026-04-24T21:37:25ZRevision history for this page on the wikiMediaWiki 1.34.2https://panoptic.com/mediawiki/aolserver/index.php?title=Talk:AOLserver_Improvement_Proposals&diff=4489&oldid=prevCaveman: added shared memory authorization model draft for discussion2005-12-03T17:02:20Z<p>added shared memory authorization model draft for discussion</p>
<p><b>New page</b></p><div><br />
'''Shared memory authorization model.'''<br />
<br />
Data in shared nsd_ arrays:<br />
#. One solution would be to suggest encrypt/decrypt all values from user perspective, this could be done without any server code change.<br />
#. Another solution would be to re-impliment shared nsd_ array by attaching authorization context to executing threads and evaluating that context for protected memory. This would require significant server code change and likely break existing code.<br />
#. Alternative to above would be to provide nsd_sec_ or similar functions that are instrumented with authorization calls, but perform similar function to current nsd_ shared arrays. Applications that want to have their shared memory data protected would use these functions -- the nsd_ functions would not have access to these arrays. This could be provided via an additional module that accesses a secondary non-addressable (to nsd_) shared memory space. Suggestion would be to have a tree structure of named hierarchical nodes ("root/myapp/myvar") where authorization model could protect "root/myapp/*" according to some policy (say, current executing script path, but that is kludge). More thought warranted.<br />
<br />
- --[[User:Caveman|Caveman]] 12:02, 3 December 2005 (EST)<br />
<br />
----</div>Caveman