Script Limits
Dave Cragg
dcragg at lacscentre.co.uk
Thu Aug 7 19:52:00 EDT 2003
At 9:54 am -0700 7/8/03, Mark Talluto wrote:
>On Thursday, August 7, 2003, at 09:36 AM, Richard Gaskin wrote:
>> I just did a test with MC 2.5:
>>
>> I made a stack with one field, and put "This is field data" into it.
>> Then I added a custom prop and put "This is prop data" into it.
>> Then I put "--this is script data" into the stack script.
>>
>> I saved it, then did a Save As, set the password, and saved this copy again.
>> I quit MC and opened both stack files in TexEdit (any app that lets you open
>> binries will do).
>>
>> In the non-password-protected stack, all three text strings are readable.
>> In the password-protected stack none of them are.
>>
>> It seems a change was introduced in the engine at some point that now
>> provides complete protection for all three types of data storage.
>>
>>
>
>I just did another test in MC 2.5:
>
>While it is true that the data is safe in a text editor, it is not
>safe when you do the following:
>
>Try opening that stack you created in MC. You can not get to the
>script data, but you can surely open up the custom property and read
>what you put in there.
This is true, but you can use a sneaky getprop handler to prevent
access to a custom property unless you supply a secret key.
To do this, you would set the properties you want to keep secure in a
custom property set.
E.g.
set the cSecuredata["PIN"] of stack "secureStack" to "1234"
Then you would use a getprop handler like this:
getprop cSecuredata[tKey]
if item 1 of tKey is "yohoho" then ## "yohoho" is the secret key
return the cSecuredata[item 2 of tKey] of me
else
return empty
end if
end cSecuredata
So to get the "PIN" property, you would have to do this:
get the cSecuredata["yohoho,PIN"] of stack "securestack"
Cheers
Dave
More information about the metacard
mailing list