Hi, this is my first post here. I've just started learning about Ruby (a few days ago so forgive my ignorance) motivated by a desire to learn if it can be a capability-secure language. What control is possible over the namespace Ruby code executes in? Can the ambient/default authority available to code be restricted? I want to be able to make my own namespace for untrusted code to execute in where all default objects (especially ones like ObjectSpace) can be selectively removed and my own can be put in. I'm aware of eval(codestr, binding). Can I construct a Binding object from scratch with just what I want in it? Can I permanently delete unwanted objects from the base namespace? Very important is the ability to prevent module importing. Can this be done? Another potential ambient authority problem is built-in/language-syntax abilities like "" creates a new String. Can I do things like change String class and then "" will use the new modified class? Just how opaque can Ruby objects be made to be? I'm aware of making private methods and that variables require accessor methods but I've seen the name and value of instance variables printed in objects' string representations. Can the internals of Ruby objects be made completely invisible? Can I make an object where having a reference to the object gives you ONLY the ability to call its desired-to-be-exposed methods and transfer the reference, and absolutely nothing else. Meaning tricky things like: evil = a.class.new() or evil = a._internal_[1].namespace["secret"] can be made impossible? Can I make a class that nullifies all public methods from base class Object? Would this make it provably impossible to do anything other than call the public methods I make? I hope you get my drift. The basic principle of capability-security is "authority with designation". How much can I restrict what is designatable to Ruby code? --Derick __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/