Read-once objects

-

(This was written and first published elsewhere in June 2020)

This concept comes from a book I really enjoyed reading last year, Secure by Design. The authors suggest using a "read-once object" to represent sensitive values to avoid unintentional use or data leakage.

A read-once objects has the following properties -

  1. Its main purpose is to facilitate detection of unintentional use
  2. It represents a sensitive value or concept
  3. It's often a domain primitive
  4. Its value can be read once, and once only
  5. It prevents serialization of sensitive data
  6. It prevents subclassing and extension

In the book, the authors start with the example of a Password domain primitive as a read-once object. If you're one of the brave readers of this note, you've likely seen a few passwords stored as strings on user objects. While there are plenty of benefits to the use of a domain primitive over a string (validations, unit testing, encapsulation), once you've read the password to compare it during authentication, there's no need to keep it around. While there are other ways of removing from memory or scrubbing logs, why bother? There's enough to remember as it is. 

The book provides additional examples and relies heavily on the value of DDD as a foundation for secure design throughout the book. There's a free chapter on the publisher's site on domain primitives.

I spotted this repo putting the concept to practice in TypeScript. Maybe one day will get around to putting together some examples in other languages (or better yet, using the idea on a project). In Ruby, for example, I'd think about overriding to_s and to_json, maybe use object lifecycle callbacks to prevent subclassing, and clone and return a temporary value in the property getter. There's plenty more in the book, I'd highly recommend it.



Popular posts from this blog

Thinking About BIPA and Machine Learning

-
One article that really caught my attention recently discussed the use of Creative Commons-licensed images from Flickr as part of the MegaFace dataset for training facial recognition algorithms. Despite its aggressive (but not untrue) title, it highlights the many sides of the questions we the people and we the companies building products with these technologies face confront. Focusing on the licensing, Flickr truly expanded the available commons of openly-licensed images by allowing its community to choose Creative Commons (CC) licenses. Interestingly, the latest version of the most permissive CC license expressly does not license "publicity, privacy, and/or other similar personality rights", yet the licensor agrees not to assert such rights to the extent necessary to support the rest of the license. However, previous versions of this or other CC licenses probably apply to many photos in the data set, and not all of the other licenses contain this language. For the Cre
Read more

Changing PDF Metadata with Python

-
While updating a pdf recently, I noticed some metadata I wanted to change and a few annotations that were hidden from view but still in the file. However, the "Get Info" pane in Preview on OS X doesn't provide a metadata editor, nor does its Export function, so it seemed like a good opportunity to learn a bit more about the PDF standard and Python packages for getting the job done. Adobe Acrobat or other GUI's would've been much faster, but I'll likely need to do this programmatically again at some point like those of you who might've found this post by looking on your favorite privacy-preserving search engine for "change pdf metadata in python". So here we go. Before starting, I hopped into a new folder and created a git repository with a first commit of my original pdf in case anything went wrong. Then I ran conda create --name pdf --python=3.8.1 and conda activate pdf to set up an Anaconda virtual Environment named pdf to keep my work is
Read more

A New Serverless Look

-
(Update 3/20/2024: If it ain't broke, do the classic developer thing and rebuild it! I've taken the site described below offline, and moved its posts here.) Until recently, I had no reason to build anything elaborate with a serverless architecture. Yet it's everywhere now! There's  Amplify , Netflify , JAM , SAM , lambdas , workers and more to learn about.
Read more