Web-Dedicated Metacard

Chipp Walters chipp at chipp.com
Tue Dec 24 01:33:01 EST 2002 

Sivakatirswami,

I think there are two seperate issues here...and perhaps they are a bit
confusing. A standalone player, (like Macromedia and SuperCard have) versus
a web-enabled (auto boot as you call it) player. In the case of the
standalone player, an individual has to take action in order to playback a
stack-- be it download it, or request a download (like your product does).
In this case, it is more difficult and less likely for an ill-behaving stack
to be deployed.

In the case of a web-enabled application with the *goal of being a
ubiquitous player/web plugin for stacks* (much like the Shockwave plugin or
JAVA runtime), the case is much different, for several reasons. Consider:

1) It would be the intent of such a player to be deployed to as many users
who would use it. It is not necessary they be programmers, or even users of
MC/RR at all. In fact, in most cases, just the opposite may be true.

2) If a *single* exploit was to occur, and it was serious (such as erasing
significant files), then it may be presumed the major response would be to
delete the offending player. This would be a publicity nightmare for both MC
and RR. Remember, an exploit can occur by just viewing a web page -- no
other action is necessary. The offending stack would automatically download
and execute without the user ever knowing.

3) To prevent such an occurence, the player must allow downloadable stacks
to either:

	a) play only in the 'sandbox' (the initial JAVA approach) which means no
(or as Richard suggests: limited) file access whatsoever or;

	b) be certified as 'safe' by a reputable 3rd party (the Microsoft
approach).

My thinking on the subject is that a 3rd party could build a player and
infrastructure for registering (certifying) stacks. Then the player would
check in with the 3rd party to verify the signature of the certification. At
the minimum, all unsigned stacks would be pre-empted by a warning notice
such as: "This program is unsigned and could possibly damage your computer!"

I'm sure there are other better plans. In any case, I think it is not a
trivial matter, and all of us should be careful when releasing 'web enabled'
stacks and the applications which run automatically when downloading them.

best,

Chipp



>If  my SC project wanted to read and write file and
> "do stuff" with that player, nothing was there to stop it. Is it just
> the auto boot from a web page we are concerned about?
>
> Sivakatirswami
>
> _______________________________________________
> metacard mailing list
> metacard at lists.runrev.com
> http://lists.runrev.com/mailman/listinfo/metacard

More information about the metacard mailing list