LaconicNetwork/cosmos-sdk
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
c44813bcdf
cosmos-sdk/docs/core/ocap.md
Denis Fadeev 13378bd2cf Docs: hide frontmatter, bugfixes (#5413) 
* encoding

* working on baseapp doc

* baseapp work

* reorg

* almost there

* finish first draft

* remove old files

* module doc start

* finish intro

* working

* workinnn

* add transactions into core

* hans comments

* add transactions into core

* working

* gautier comments

* clean

* working

* consolidate intro

* querier

* workiiiing

* refactor for new module interface

* karoly review

* working on baseapp doc

* baseapp work

* reorg

* almost there

* finish first draft

* remove old files

* finish intro

* workinnn

* initial commit after rebase

* query-lifecycle and started modules-interfaces

* query-lifecycle first draft done

* module interfaces first draft

* rest and intro skeletons

* rest and intro done

* small edits and links

* comments

* revisions

* cli.md comments

* comments

* minor edits

* better flow for query lifecycle

* add transactions into core

* hans comments

* add transactions into core

* checkout master-docs files

* deleted some

* remove modules readme

* cli.md comments

* comments

* module-interfaces comments

* Merge PR #4857: Add Context concept doc

* working

* working

* finish messages and queries

* handler

* querier

* last comments!

* punctuation

* querier2

* consolidate intro

* querier

* workiiiing

* refactor for new module interface

* karoly review

* working on baseapp doc

* baseapp work

* reorg

* almost there

* finish first draft

* remove old files

* finish intro

* workinnn

* initial commit after rebase

* query-lifecycle and started modules-interfaces

* query-lifecycle first draft done

* module interfaces first draft

* rest and intro skeletons

* rest and intro done

* small edits and links

* comments

* revisions

* cli.md comments

* comments

* minor edits

* better flow for query lifecycle

* checkout master-docs files

* deleted some

* remove modules readme

* cli.md comments

* comments

* module-interfaces comments

* keeper

* genesis

* finish

* Apply suggestions from code review

Co-Authored-By: Hans Schoenburg <hschoenburg@users.noreply.github.com>

* hans review

* Update docs/core/baseapp.md

Co-Authored-By: Hans Schoenburg <hschoenburg@users.noreply.github.com>

* working

* last comment

* workin

* Apply suggestions from code review

* encoding and node

* almost finish store

* finish docs

* fixes

* fede comments + permalinks

* hans review

* add more permalinks

* update docs theme version (#5239)

* R4R: Docs Cleanup (#5246)

* start

* work

* work

* work

* remove table of content

* links intro

* fix links

* remove junk

* cleanup

* cleanup

* work

* finish cleanup

* addback readmes

* remove nft

* fix links

* remove dup

* remove dup

* remove dup

* remove dup

* remove dup

* fix links

* add subscribe events

* refine rest

* index page

* sidebar

* theme version

* theme version

* testing netlify

* theme version

* tooltip example

* version

* testing code embedding

* reverting back

* theme version

* version

* version

* version

* readme and version

* cleanup

* redo app anatomy

* modules readme, theme version

* theme version

* fix modules list

* theme version

* new snippets

* modules readme

* update docs readme

* modify synopsis

* version

* fix yaml

* version

* version

* version

* version

* version

* version

* version

* version

* version

* version

* add hide banner

* version

* version

* version

* small fixes

* modules readme, version

* remove hotkeys dep, version

* version

* version

* version

* version

* version

* version

* version

* slight notice

* fix links and hide

* permalinks

* small clean

* version

* resolve conflicts, add google analytics

* fix merge remants

* version

* changelog 1/2

* Changelog: docs UI

* version

* remove merge conflicts

* Code: Update link for Contributing to the docs to docs_readme

* HTML/CSS: Update layout of homepage footer to match new layout in Figma

* version

* final modifs

* modules, version

* modules readme

* link to module list from homepage

* version

* building modules link

* version

* version

* fonts

* version

* version

* fix link

* fix package.json

* links in explore sdk section

* core concepts

* version

* change delimeters for frontmatter

* frontmatter in comments

* version

* temp add tiny-cookie

* fixed link issues

* fixed styling issues, copy

* hide frontmatter

* hide frontmatter

* layout fixes, padded ascii diagram

* fira sans font for code
2019-12-17 08:44:44 -03:00

75 lines
2.6 KiB
Markdown
Raw Blame History

<!--
order: 8
-->
# Object-Capability Model
## Intro
When thinking about security, it is good to start with a specific threat model. Our threat model is the following:
> We assume that a thriving ecosystem of Cosmos-SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules.
The Cosmos SDK is designed to address this threat by being the
foundation of an object capability system.
> The structural properties of object capability systems favor
> modularity in code design and ensure reliable encapsulation in
> code implementation.
>
> These structural properties facilitate the analysis of some
> security properties of an object-capability program or operating
> system. Some of these — in particular, information flow properties
> — can be analyzed at the level of object references and
> connectivity, independent of any knowledge or analysis of the code
> that determines the behavior of the objects.
>
> As a consequence, these security properties can be established
> and maintained in the presence of new objects that contain unknown
> and possibly malicious code.
>
> These structural properties stem from the two rules governing
> access to existing objects:
>
> 1. An object A can send a message to B only if object A holds a
> reference to B.
> 2. An object A can obtain a reference to C only
> if object A receives a message containing a reference to C. As a
> consequence of these two rules, an object can obtain a reference
> to another object only through a preexisting chain of references.
> In short, "Only connectivity begets connectivity."
For an introduction to object-capabilities, see [this article](https://en.wikipedia.org/wiki/Object-capability_model).
## Ocaps in practice
The idea is to only reveal what is necessary to get the work done.
For example, the following code snippet violates the object capabilities
principle:
```go
type AppAccount struct {...}
var account := &AppAccount{
Address: pub.Address(),
Coins: sdk.Coins{sdk.NewInt64Coin("ATM", 100)},
}
var sumValue := externalModule.ComputeSumValue(account)
```
The method `ComputeSumValue` implies a pure function, yet the implied
capability of accepting a pointer value is the capability to modify that
value. The preferred method signature should take a copy instead.
```go
var sumValue := externalModule.ComputeSumValue(*account)
```
In the Cosmos SDK, you can see the application of this principle in the
gaia app.
+++ https://github.com/cosmos/gaia/blob/master/app/app.go#L197-L209
## Next
Learn about [building modules](../building-modules/intro.md) {hide}
Reference in New Issue View Git Blame Copy Permalink