The Boss and the Worker
-
Assume there's a system with 2 objects. An object of class Boss and an object of class Worker. The object Boss does what all bosses do: tell workers what to do, drive big cars and stare out of the window. The same is true for the object Worker. It does what all workers do: staring the whole day at the screen (or out of the window) and try to solve all those silly things their boss came with. During this dull life the object Worker has one periodic highlight: Once a month it calls the object Boss and invokes the method GetSalary(). But for the Object Boss this is a big security risk: It only wants that real workers get salary. So the problem is: a method is invoked but the object of that method wants to be sure that only specific objects may invoke that method. How to solve this? Variables and functions may be defined as static, restricting their visibility to the module-level. Classes and methods may also use techniques like this but this is not going to work: Our object Boss is an 'interim': He's only added to a project when needed and if they pay him enough. The object Boss is a generic one. I'm looking for solutions that can withstand a malicious programmer that creates his own object Worker or derives one from the class Worker to invoke GetSalary() as much as possible. Another variant of this problem is an object that can be cloned but wants to do this only when asked from certain other objects (because it carries sensitive data) although its Clone-method is public. Any suggestions? Concepts will be appreciated above code.
-
Assume there's a system with 2 objects. An object of class Boss and an object of class Worker. The object Boss does what all bosses do: tell workers what to do, drive big cars and stare out of the window. The same is true for the object Worker. It does what all workers do: staring the whole day at the screen (or out of the window) and try to solve all those silly things their boss came with. During this dull life the object Worker has one periodic highlight: Once a month it calls the object Boss and invokes the method GetSalary(). But for the Object Boss this is a big security risk: It only wants that real workers get salary. So the problem is: a method is invoked but the object of that method wants to be sure that only specific objects may invoke that method. How to solve this? Variables and functions may be defined as static, restricting their visibility to the module-level. Classes and methods may also use techniques like this but this is not going to work: Our object Boss is an 'interim': He's only added to a project when needed and if they pay him enough. The object Boss is a generic one. I'm looking for solutions that can withstand a malicious programmer that creates his own object Worker or derives one from the class Worker to invoke GetSalary() as much as possible. Another variant of this problem is an object that can be cloned but wants to do this only when asked from certain other objects (because it carries sensitive data) although its Clone-method is public. Any suggestions? Concepts will be appreciated above code.
-
Assume there's a system with 2 objects. An object of class Boss and an object of class Worker. The object Boss does what all bosses do: tell workers what to do, drive big cars and stare out of the window. The same is true for the object Worker. It does what all workers do: staring the whole day at the screen (or out of the window) and try to solve all those silly things their boss came with. During this dull life the object Worker has one periodic highlight: Once a month it calls the object Boss and invokes the method GetSalary(). But for the Object Boss this is a big security risk: It only wants that real workers get salary. So the problem is: a method is invoked but the object of that method wants to be sure that only specific objects may invoke that method. How to solve this? Variables and functions may be defined as static, restricting their visibility to the module-level. Classes and methods may also use techniques like this but this is not going to work: Our object Boss is an 'interim': He's only added to a project when needed and if they pay him enough. The object Boss is a generic one. I'm looking for solutions that can withstand a malicious programmer that creates his own object Worker or derives one from the class Worker to invoke GetSalary() as much as possible. Another variant of this problem is an object that can be cloned but wants to do this only when asked from certain other objects (because it carries sensitive data) although its Clone-method is public. Any suggestions? Concepts will be appreciated above code.
in the method GetSalary(),the boss should check the worker is the real worker. you should make some mechanism to check the real worker.
-
Assume there's a system with 2 objects. An object of class Boss and an object of class Worker. The object Boss does what all bosses do: tell workers what to do, drive big cars and stare out of the window. The same is true for the object Worker. It does what all workers do: staring the whole day at the screen (or out of the window) and try to solve all those silly things their boss came with. During this dull life the object Worker has one periodic highlight: Once a month it calls the object Boss and invokes the method GetSalary(). But for the Object Boss this is a big security risk: It only wants that real workers get salary. So the problem is: a method is invoked but the object of that method wants to be sure that only specific objects may invoke that method. How to solve this? Variables and functions may be defined as static, restricting their visibility to the module-level. Classes and methods may also use techniques like this but this is not going to work: Our object Boss is an 'interim': He's only added to a project when needed and if they pay him enough. The object Boss is a generic one. I'm looking for solutions that can withstand a malicious programmer that creates his own object Worker or derives one from the class Worker to invoke GetSalary() as much as possible. Another variant of this problem is an object that can be cloned but wants to do this only when asked from certain other objects (because it carries sensitive data) although its Clone-method is public. Any suggestions? Concepts will be appreciated above code.
The answer as par my design is:- I believe boss should keep a base class Worker, with two derived classes, GoodWorker and BadWorker. Now Boss can call based on the work
int workerCategory()
{
if( "good" == work )
{
Worker* pWorker = new GoodWorker();
}
pWorker->GetSalary();
}class Worker
{
public:
void Work();
virtual void GetSalary();
};class GoodWorker
{
public:
void Work()
{
}
void GetSalary()
{
...... Logic
}
};class BadWorker
{
public:
void Work()
{
}
}Величие не Бога может быть недооценена.
-
The answer as par my design is:- I believe boss should keep a base class Worker, with two derived classes, GoodWorker and BadWorker. Now Boss can call based on the work
int workerCategory()
{
if( "good" == work )
{
Worker* pWorker = new GoodWorker();
}
pWorker->GetSalary();
}class Worker
{
public:
void Work();
virtual void GetSalary();
};class GoodWorker
{
public:
void Work()
{
}
void GetSalary()
{
...... Logic
}
};class BadWorker
{
public:
void Work()
{
}
}Величие не Бога может быть недооценена.
Thanks for your replies. I try to answer you all 3 at once: First Matias: In real life a worker will be hired first, and this salary-thing wouldn't be a problem. Problem is that in my example there is only a boss and some workers. If you have access to this system you could easily derive a class from Worker (sub-class, inherit from, however you name it) that would have malicous code; so the worker gets salary twice a day. Adam: I like your idea to make derived classes good worker and bad worker but i don't see how this can solve the problem: deriving a malicious class from Goodworker would be even simpler. But the idea to create a Badworker too is intriguing and maybe usefull, but i don't see how yet. Iceman: I myself was thinking the same way, and maybe you can help me with some more ideas. What i want is a worker-class that can not be tampered with. So it may not be derived and there may not be a another class that can have the same name. If I create Getsalary() like thiis: (in pseudo-code) Class Boss method Getsalary(oworker) ... We can ensure that the argument oworker must be of class Worker (or a derived class) by strongtyping oworker. I found a way to check if oworker is not a derived one. And here OO stops: Boss can not be sure if it is the 'right' untampered version of Worker or just a fake. I was thinking to implement some kind of shared secret, when the worker ask Salary it must solve a riddle first. If the source of both objects is known this will not work, so at least one of them must be published in a DLL (or something) that hides the solving of the riddle... Placing code in a DLL is not a strong one (you can replace it). So i need really good ideas how to create this kind of security. Maybe it is possible to do some variable encryption, like this: Boss calls a method of Worker. This decrypts a internal piece of data in Worker, Worker sends this data when it invokes Getsalary. Boss checks this data. If the data was ok salary is paid otherwise not. Feel free to give me more suggestions and thanks so far...
-
Conceptual answer: Didn't the boss hire the worker in some way? The boss should ideally be the manager for all the employees, that is, the boss should keep track of which workers that are entitled to salaries ...
-
in the method GetSalary(),the boss should check the worker is the real worker. you should make some mechanism to check the real worker.