[OT] Flash wants standalones

[Ro Nagey]

I agree with much of what Richard says. When we, Royal Software, were 
first presented with ScriptDemon, a powerful browser plugin that allows 
you to run AppleScript on remote computers over the web, security was, 
obviously, a major concern. Quite literally, once you allow AppleScript 
work on a computer that also is running HyperCard or, now, Revolution, 
the ability to send information back to the host computer is, quite 
literally, unlimited.

In the beginning, we set the price high. In part, this was to limit the 
market to the very serious user. With time, however, we lowered the 
price. We've never heard a complaint about the misuse of ScriptDemon. 
It remains a very powerful tool.

The issue, it appears to me, comes down to trust of who you're working 
with and rather it can be hacked by an outside source.

On a separate note [and, no doubt, opening a door that should be kept 
closed], I read about Microsoft security recently. Although I am far 
from a supporter, it was interesting to note the number of security 
holes that are exploited for which Microsoft had issued patches up to a 
year in advance.

Software authors like Richard I trust implicitly. He, and many other 
Rev contributors, are very responsible and responsive...much more so 
than many large, commercial enterprises.

Ro


On Friday, March 28, 2003, at 09:58 AM, Richard Gaskin wrote:

>
> Even with limited file I/O, if you allow access to launch, shell(), the
> registry, or AppleScript you're still exposing the system to 
> potentially
> devastating actions.  Yet if we remove all sources of potential risk, 
> what's
> left that's worth working with? It would seem simpler to just deliver a
> stack as a standalone than cut it down it for distribution with a 
> restricted
> RevNet (and you'd probably have at least as many downloads).