[Ironruby-core] "Taint" and (internal) copy constructors
Charles Oliver Nutter
charles.nutter at sun.com
Thu Oct 25 11:53:34 EDT 2007
Curt Hagenlocher wrote:
> On 10/25/07, *Charles Oliver Nutter* <charles.nutter at sun.com
> <mailto:charles.nutter at sun.com>> wrote:
> JRuby mimics this behavior, but we've debated just kicking taint and
> SAFE out the window. They're not provably safe (even in MRI), so
> almost certainly unsafe...and woah, the overhead.
> Most folks using JRuby now just assume neither work.
> Both taint and frozen have a very 90s Perl feel to them :). Being new
> to Ruby, I have absolutely no feel for how often they're used (with CRuby).
frozen is another thing entirely, and it has good uses (locking down
strings and arrays so they can't be modified, for example). But
taint/SAFE are (IMHO) ugly, dated mechanisms for handling security, by
sprinkling security checks all over high-level method calls and hoping
you don't miss any. Not to mention extensions can ignore tainting
More information about the Ironruby-core