Talk:AOLserver Improvement Proposals
Jump to navigation Jump to search
Shared memory authorization model.
Data in shared nsd_ arrays:
- . One solution would be to suggest encrypt/decrypt all values from user perspective, this could be done without any server code change.
- . Another solution would be to re-impliment shared nsd_ array by attaching authorization context to executing threads and evaluating that context for protected memory. This would require significant server code change and likely break existing code.
- . Alternative to above would be to provide nsd_sec_ or similar functions that are instrumented with authorization calls, but perform similar function to current nsd_ shared arrays. Applications that want to have their shared memory data protected would use these functions -- the nsd_ functions would not have access to these arrays. This could be provided via an additional module that accesses a secondary non-addressable (to nsd_) shared memory space. Suggestion would be to have a tree structure of named hierarchical nodes ("root/myapp/myvar") where authorization model could protect "root/myapp/*" according to some policy (say, current executing script path, but that is kludge). More thought warranted.
- --Caveman 12:02, 3 December 2005 (EST)