ANN: revHTTPd next generation (please read, many many goodies inside)
Andre Garzia
soapdog at mac.com
Tue Jan 20 12:20:11 EST 2004
On Jan 20, 2004, at 4:50 AM, Simon Brown wrote:
> Wow. Very interesting. Will have to spend some time playing around
> with this.
>
> Wondering about the security aspects of this though. Could a carefully
> designed stack with this feature be safe? Would the data have to be
> locked (static) only?
>
> Simon.
>
Simon,
there are some security flaws by design... You can access any stack,
you can send any message to any stack available... this is sure a flaw,
or a opportunity. While running in a standalone there's not much harm
one can do this way, but in the IDE the revIDE stacks are available...
that's bad...
Also with INFORM you can write data and read data from anystack... but
it was designed that way. The best way to address security is to create
custom properties for blessed stacks and blessed messages, this way
one can use only that, but that proved to be a huge drawback in the
framework.
When I release the code this week, you'll see that the engine is pretty
simple, and adding more robust security to it can be done... I've got a
internal version with a frontscript that does that for me... but that
won't be released, it's alpha.
Cheers
Andre
>
Andre Alves Garzia ð 2003 ð BRAZIL
http://www.soapdog.org
More information about the use-livecode
mailing list