Web-Dedicated Metacard

[Pierre Sahores]

Richard Gaskin a écrit :
> 
> Chipp Walters wrote:
> 
> > The big problem with a *sanctioned* web-savvy MetaCard or RunRev player is
> > the potential for *very dangerous viruses*!!
> 
> While the potential for malicious abuse is clear, it's no more a problem for
> Rev than it is for ActiveX controls, Director extensions, or downoading
> applications from Downoad.com.
> 
> And considering the several billion dollars' worth of security holes
> throughout Microsoft operating systems and Internet products, any security
> measure ultimately comes down to trust:  you either trust the site making
> the download available, or don't download it.
> 
> This is not to suggest that we shouldn't continue to pursue security
> solutions.  On the contrary, such moves will be needed to attract any larger
> organizations.
> 
> But on balance, if we remind folks that such distribution carries only the
> same risks as downloading any executable file, we can allow people to make
> their own choices about downloading.
> 
> I like what the secureMode offers, but it also hampers one of the biggest
> advantages of desktop software over browser-based applications: local data
> storage.
> 
> I'd love to see a "semi-secure" mode, in which file I/O was allowed but
> restricted to one specific directory.
> 
> --
>  Richard Gaskin
>  Fourth World Media Corporation
>  Developer of WebMerge 2.1: Publish any database on any site
>  ___________________________________________________________
>  Ambassador at FourthWorld.com       http://www.FourthWorld.com
>  Tel: 323-225-3717                       AIM: FourthWorldInc
> 
> _______________________________________________
> metacard mailing list
> metacard at lists.runrev.com
> http://lists.runrev.com/mailman/listinfo/metacard

Allo there,

1.- The use of Metacard/RR on the server side will never open, by it
self, new security holes on the host machine. The security will only
depend on how the server is or is'nt clean securised (ssh and ssl
tunneling instead of telnet/ftp direct admin acces, permissions,
proxying, firewalling, httpd config, mc config, etc...) not in about mc
is or is'nt installed. Each bad securised server hosts many others
engines best knowed than mc by the ones that spend time to krack them
(GCC, Perl, PHP, SQL servers, SendMail,..).

2.- The use of Metacard/RR on the client side will not open security
holes on the client host if the developper take care about what his app
has to do and dont have to do. It's there only an ethic question, as
long as RR/MC are full usables in many differents ways, just alike all
the most powerfulls development tools availables today.

Cl : If we are able to develop, in using RR/MC, usefull tools for the
web/vpn markets, we have just to go head and, further, there will be
happy end-users of those usefull new kind of web/vpn apps. We are not
the onests, on this list, to think that the W3C standards are no more
powerfull enought to parse the next generation of web apps, so, for
example, as in the client-side broswing sphere.
Along some bad or stupids marketing considerations doing the web
broswers far unusables tools as multimedia front-ends, we have to feel
us free to get the best from RR/MC to build real web conectables
multimedia front-end. If we are strong enought to build such kind of
apps, there will be, to the end, more and more people to take the same
way, even in using other kinds of development tools, alike Delphi,
Director, or OmnisStudio but not only...

Hope this helps ;-)
-- 
Cordialement, Pierre Sahores

Inspection académique de Seine-Saint-Denis.
Applications et bases de données WEB et VPN
Qualifier et produire l'avantage compétitif