You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: main/guides/js-programming/hardened-js.md
+18-4Lines changed: 18 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -79,6 +79,20 @@ e.g., only giving the `entryGuard` the ability to increment the counter.
79
79
80
80
This limits the damage that can happen if there is an exploitable bug.
81
81
82
+
### Widely Shared vs. Closely Held
83
+
84
+
#### Widely Shared Resources
85
+
86
+
In the context of Agoric's object capability model, "widely shared" refers to resources or capabilities that are accessible to a large portion of the code within a system. For example:
87
+
88
+
-**agoricNames**: This component serves as a read-only name service, which means it can be accessed by most parts of the system. Since it only allows data to be read and not modified, it poses minimal risk and can be safely made widely available.
89
+
90
+
#### Closely Held Resources
91
+
92
+
On the other hand, "closely held" resources are restricted and only accessible to specific parts of the system that require them to function effectively:
93
+
94
+
-**agoricNamesAdmin**: Known as the write facet of the name service, this component allows modifications to the data in `agoricNames`. Given its capability to alter critical system data, access to `agoricNamesAdmin` is limited to only those parts of the system that have a legitimate need for write access. This precaution helps to prevent potential misuse or errors that could compromise the system.
95
+
82
96
::: tip Watch: Navigating the Attack Surface
83
97
to achieve a _multiplicative_ reduction in risk. _15 min_<br />
0 commit comments