'hack' test results

Rick Harrison harrison at all-auctions.com
Sun Apr 21 10:35:00 EDT 2002


on 4/20/2002 1:23 PM, JohnRule at aol.com wrote:

>> The only data they should be seeing is the data I want
>> to show to them.  Other data is all in hidden fields.
>> Could you be more verbose?
> 
> 
> I just did another 'hack' test...with MCRipper this time:
> 
> http://www.inspiredlogic.com/mc/ripper.html
> 
> It cannot 'rip' password protected stacks (at least I couldn't get it to) so
> that is a relief.
> 
> MCRipper will 'rip' invisible objects (including any text or scripts) even if
> the stack is password protected. So the conclusion...any information in text
> fields (even hidden fields) is not totally safe.
> 
> Solution:
> Load the information from the field into a variable...then delete the text
> from the field. You are still susceptible to any 'prying' if you give the
> users the capability to load any stack (i.e. I could load a stack that
> searches all variables).  ...

John,

Yuk, we shouldn't have to be worrying about such things.

Perhaps Ken Ray's idea about "lock messages" before opening the stack
is the solution to prevent ripping.

I'm downloading MCRipper to play around with it myself to see what
evils it can really do.

Thanks for the hack tests!

Rick Harrison





More information about the use-livecode mailing list