Rev Sandbox?

Pierre Sahores psahores at easynet.fr
Sun Nov 9 07:39:16 CST 2003


Allo Friends,

I was just on the way to reply to your mail, Jim, when Jan answered with
all the needed concepts and details about the use of the global
"securemode" property. As Jan describe, transcript give us all what's
needed to avoid sad problems. We just need to take care about setting
the securemode to true before opening an "unknowed" stack.

In about what happens to Dan :

There will always be less creative and non-violent persons than
destructive and unfriendly peoples over the word. It's bad but it's so.
The only good news in this bad story is perhaps that more and more
people are testing and using Revolution over the world. I hope that all
of them are licensed peoples.

Kind Regards from Paris, Pierre

Le dim 09/11/2003 à 14:02, Jan Schenkel a écrit :

> --- Jim Lyons <jimlyons at earthlink.net> wrote:
> > Recently, Dan Schafer wrote:
> > > (One of these days I'll understand the
> > > mentality vandals who derive joy from merely
> > disrupting the lives and
> > > sanity of others. On second thought, I hope I
> > never do understand that.
> > > It's abominable.)
> > 
> > A dark thought that has been lurking in my
> > world-weary mind is the risk
> > we take by downloading stacks and running them on
> > our machines. As more
> > and more folks discover Revolution, there are more
> > and more things to
> > share and check out. So far, we have a cozy,
> > friendly community of users
> > and none of us would think of using Rev for anything
> > disruptive, or
> > worse. I feel pretty confident downloading things
> > from the sites of
> > people we have come to "know" here on the list. But
> > we all know very
> > well that some innocent looking little "Christmas
> > Message" stack could
> > conceal anything from a prank to a disaster. With
> > Rev's internet
> > capabilities, I suppose it could even be used to
> > launch a worm.
> > 
> > So what can we do, other than only run stacks from
> > reputable sources? I
> > know there's no way to scan a stack and tell if it's
> > evil. Would it be
> > possible to devise a kind of sandbox to test new
> > stacks in, that would
> > prevent and report on attempts to write to the disk
> > drive, send
> > something over the net, etc?
> > 
> > Hoping for a better world,
> > Jim Lyons
> > 
> 
> Hi Jim,
> 
> Have a look at the global property 'secureMode' --
> from its entry in the Transcript Dictionary : 
> 
> "Comments:
> If the secureMode property is set to true, the
> application cannot use the get, put, open file, read
> from file, or write to file commands to gain access to
> local files. The application cannot run programs with
> the shell function, the open process command, or the 
> launch command. On Windows systems, it cannot use the
> deleteRegistry, queryRegistry, or setRegistry
> functions to access the Windows system registry."
> 
> You could build a small player standalone that sets
> secureMode to true on startup, and where you can enter
> the URL and run it from there.
> 
> Hope this helped,
> 
> Jan Schenkel.
> 
> =====
> "As we grow older, we grow both wiser and more foolish at the same time."  (La Rochefoucauld)
> 
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard
> http://antispam.yahoo.com/whatsnewfree
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> http://lists.runrev.com/mailman/listinfo/use-revolution
-- 
Bien cordialement, Pierre Sahores

100, rue de Paris
F - 77140 Nemours

psahores at easynet.fr

GSM:   +33 6 03 95 77 70
Pro:   +33 1 41 60 52 68
Dom:   +33 1 64 45 05 33
Fax:   +33 1 64 45 05 33

Inspection académique de Seine-Saint-Denis
Applications et SGBD ACID SQL (WEB et PGI)
Penser et produire "delta de productivité"


More information about the use-livecode mailing list