Open tgrospic opened 5 years ago
I think your godId does the same thing that speciesId is intended to do. Granted, speciesId is not enforcing security yet because of the bundle bug. Granted, godId does fix the specific issue of calling "personFactory" arbitrarily. But godId does not fix all possible security issues with this pattern that properly-working bundles would. Consider for example if I create two species, dog and cat. Now I have four individuals (adam dog, eve dog, adam cat, eve cat). Without the bundles, I can use pattern matching to extract the species ids as well as the individual ids. Then I can make some kind of mutant by parring {*dogSpeciesId | *adamCatIndividualId} and breed it with eve dog.
Hmmm, maybe that's a feature, not a bug ;-) What do you think, @tgrospic? It might be helpful to also consider https://github.com/JoshOrndorff/librho/pull/16 where I've used the same patterns.
I've added godId to protect "personFactory" from external call.