Prevent Access to Tables not Specified in ABI #331
Comments
|
These checks can be skipped during replay |
|
Investigating. |
|
|
@bytemaster "verify that a table name can only be used for a single index" Also, I am presuming these are only performed if an ABI is provided, are there any checks we want to perform if there is no ABI? Like ensure that table reads and writes are consistent with each other? |
|
Would think that this information has to be available in the processed WASM structure, but having a hard time identifying it. If it isn't we could identify it as we process the WASM. |
|
@bytemaster I am presuming the intent of this is safety (ensuring table access is consistent with ABI), not security, is that correct? The statement about "these checks can be skipped during replay" sounds like these checks were planned to occur every time the code runs, but this seems to be a cost that shouldn't have to be incurred every time the code runs, vs. either using data in the existing loaded WASM structure (if it is possible) or else added to the WASM structure processing. If I don't get clarification on this I will plan to do the checks as the code is run, since that comment seems to assume this. If the ABI is not provided, should a "lazy" ABI table definition be constructed as the code is run through, to ensure a table only has one type? Until I hear otherwise, I will assume the answer to this question is "yes". For "verify that a table name can only be used for a single index", I will not do anything on this till I get clarification on exactly what it means. |
|
"verify the table type matches" Working on tests. |
|
Still working on adding tests. |
|
Resolved by #573 |
The text was updated successfully, but these errors were encountered: