Opened 15 years ago
Last modified 11 years ago
#116 new enhancement
consider adding "current caller context" function
| Reported by: | Brian Warner | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | unknown | Version: | 0.3.0 |
| Keywords: | Cc: |
Description
This function would allow a remote_foo() method to learn the tubid of the client which sent the activating message. (another possibility is to add magic argument markers to the schema, which would be filled in with locally-generated values that didn't come from the remote client). The "current caller context" function would work by crawling the stack upwards until the foolscap dispatch routine was located, then looking inside that routine's stack frame for the client tubid. It would only be callable from the first reactor turn: if remote_foo() defers execution to a subsequent turn, the information would be lost. This function could also indicate which RemoteReference the message arrived on (in case the same object is referenced in multiple ways).
It's not clear to me that this would be a good idea, but it's occurred to me more than once, so it needed to be written down.
What would this be used for? It's a common request in capability systems to want to know the caller identity in order to perform security checks, but that's an anti-pattern, because it interferes with delegation and reintroduces problems with identity-based security that cap systems otherwise solve.