wiki:AuthorityInjection

up/out to: DevTools, TEAL#capsec?, HERONsecuritynotes?, LeastAuthority?

To promote testability and secure composition, pass an object's dependencies to the constructor. The Hollywood Principle is a handy mnemonic: "Don't call us; we'll call you."

For example, rather than having the MovieLister constructor call a MovieFinder constructor:

class MovieLister:

    def __init__(self):
        self._finder = ColonDelimitedMovieFinder("movies.txt")

    def movies_directed_by(self, director):
        for movie in self._finder.find_all():
            if (movie.director == director):
                yield movie

pass the MovieFinder in to the constructor:

class MovieLister:

    def __init__(self, finder):
        self._finder = finder

    def movies_directed_by(self, director):
        for movie in self._finder.find_all():
            if (movie.director == director):
                yield movie

This example is borrowed from Aglyph docs, but in HeronAdminDev etc., we're using the injector python package. The dependency injection pattern is the same, but they have slightly different APIs.

ocap in python: Examples and Snippets

Motivation: Object Capability Style and Dependency Injection

Dependency Injection Myth: Reference Passing by Miško Hevery motivates passing in any source of non-determinism as a constructor arg, for testability.

Capability based security is useful for establishing security properties of a large system in terms of properties of the parts. Security of emakers by Mark Miller et. al. motivates passing in any source of authority (and any source of non-determinism seems to be a source of authority) as a constructor arg.

In a Nov 2008 message from Mike Samuel to cap-talk...

I used the term "authority injection" in contrast with dependency injection when trying to explain that object capability discipline builds on accepted practices to handle authorization decisions instead of requiring programmers to learn new practices.

The link from that message to the slides of his explanation is broken, so see: Securing JavaScript — Object-Capabilities

See also:

Last modified 3 years ago Last modified on 05/21/14 13:24:13

Attachments (2)

Download all attachments as: .zip