Open stefan-isc opened 1 year ago
In my DreamBerd rs implementation you can do:
var var balance = 2!
// most of our program can easily access this value
{
// inner definition shadows original balance, and the value is copied
const const balance = balance!
process_user_input()!
}
// we can access the outer value once the block ends
Of course, if you really wanted to prevent hackers from stealing your data, you'd use a language like Haskell, which can be mathematically proven to be secure (incapable of performing basic tasks necessary for your use case)
// inner definition shadows original balance, and the value is copied const const balance = balance!
This would still mean the original mutable value is present in the scope of the user interaction, meaning it could still be changed using constructs like before.
Preferably, make_const_const would make this impossible.
However, a safer way of allowing mutability by only specific parts of our code would be to add a whitelist for functions being able to mutate a const const variable:
const const(allows someOtherFunction) balance = 68!
process_user_input()! // We are safe, balance can only be mutated by someOtherFunction
Hello
We have encountered a minor inconvenience while using DreamBerd in a production environment. Hackers can sometimes modify data and variables when parsing/processing user input.
To mitigate this issue, we propose introducing a feature that allows us to temporarily increase the const-ness of specific critical variables (e.g., other users' balance) before processing user input. After the processing is complete, we should be able to decrease the const-ness accordingly. This enhancement would prevent unauthorized modification of variables and significantly strengthen the security of our system.
Example Code:
We are looking forward to your feedback and potential implementation of this feature.