Rev player

Richard Gaskin ambassador at fourthworld.com
Mon Jul 26 13:43:46 EDT 2004 

Andre Garzia wrote:

> 
> On Jul 26, 2004, at 1:18 PM, Kevin Miller wrote:
> 
>> The Player application is by default configured to have secureMode turned
>> on.  This makes it "secure" preventing a stack from destroying a users 
>> hard
>> drive.  However, the end user does have the option to turn of 
>> secureMode as
>> a preference included with the Player, so if you have a stack you want to
>> distribute you need to tell the end user to turn this option off if they
>> want to be able to save data.  In a future version we may look more 
>> closely
>> at an intermediate "level" of security, right now the user must be 
>> asked to
>> turn this off.

> what about a sandboxed enviroment, like a function to save a stack and 
> another to load. You cannot specify where to save for the Dreamcard app 
> will save it to it's own folder. This way we can save stuff and load 
> stuff, and there will be no harm in it. Also we could only save and load 
> stacks. maybe this handler could be something like secureSave and 
> secureLoad. The user could be prompted and asked if he would allow to 
> save or load from this app, much like the Apple Keychain does.
> 
> What about this approach, it can be easily implemented without altering 
> Dreamcard code, this could be done in transcript level, no need to put 
> that on the engine itself.... it could be done in couple hours and would 
> make big time for us...

Any changes to the behavior of secureMode must be done in the engine. 
If they are handled in script then a script can change the behavior, 
leaving the door open to hackers.

An engine-level solution has been bandied about in Bugzilla:
<http://www.runrev.com/revolution/developers/bugdatabase/show_bug.cgi?id=867>

Until such a change is made at the engine level, I agree with Kevin's 
position of erring on the side of safety.

-- 
  Richard Gaskin
  Fourth World Media Corporation
  ___________________________________________________________
  Ambassador at FourthWorld.com       http://www.FourthWorld.com

More information about the use-livecode mailing list