Web-Dedicated Metacard
andu
undo at cloud9.net
Mon Dec 23 16:28:00 EST 2002
--On Monday, December 23, 2002 14:31:40 -0600 Chipp Walters
<chipp at chipp.com> wrote:
>>
>> > Chipp Walters wrote:
>> >
>> >> The big problem with a *sanctioned* web-savvy MetaCard or RunRev
>> >> player is the potential for *very dangerous viruses*!!
>> >
>>
>> I don't understand this discussion, one can D&D a stack on the engine on
>> all platforms which support it and have it "play". For browsers
>> one can add
>> MC as helper application and have stacks "play" as soon as they download,
>> what would a "player" do differently and why would it be more dangerous
>> then a plain engine?? Sure I can make a stack which erases the hard drive
>> "on startup" but so can any application.
>>
>> Regards, Andu Novac
>
> Hi Andu,
>
> Neither Shockwave (Director and Flash), JAVA, nor ActiveX will imediately
> deploy and execute a program upon a simple javascript ON LOAD event which
> allowed file access (the first time loaded). A correctly registered MIME
> for MetaCard/RR could execute with file access permissions, without so
> much as a warning (see my ButtonGadget example). A 'correct' MC/RR player
> would involve registering itself as the correct MIME and then doing some
> sort of certification and/or file check *before* automatically
> downloading and running. There is a BIG difference between just
> registering MC automatically as a valid MIME and building a player which
> provided some safety measures.
Like what kind of safety measures, a warning that the script (like any
script) *could* do this and that to the data on the hard drive if executed?
As to Shockwave it never asks me if it's ok to load this or that moving
thing once I have the plugin installed. Java also, it just displays that
stupid running text in my browser without any questions.
What I'm trying to say is that there is a difference between legitimate
security concerns and constant fear or the illusion of security. If there
is fear then not using the computer on a public network is the best
solution for sanity, the illusion of security is worse then no security at
all.
>
> The idea is to create a generic 'player' so that anyone who has installed
> it, can playback any content with just a click of a button on a webpage.
Like I said, that can be done manually in the browser's preferences.
>
> -Chipp
>
>
> _______________________________________________
> metacard mailing list
> metacard at lists.runrev.com
> http://lists.runrev.com/mailman/listinfo/metacard
>
Regards, Andu Novac
More information about the metacard
mailing list