load command security holes?
ambassador at fourthworld.com
Tue Jul 27 15:13:59 CDT 2004
Mark Brownell wrote:
> How secure is the load command in Rev standalone applications?
> When I use "load URL myURL," is it possible ever to download a harmful
> executable application that could some how escape or run from or within
> the cache? I'm not considering that the file being downloaded would be a
> stack. In other words it should only be a text file or an MTML file. But
> what would happen if a user created a link to a stack file that would
> then save itself or do something else? Would that stack file somehow run
> or start on its own while in the cache? Something like that could be
> used to destroy global vars in the simplest form of malicious activity.
> I guess what I'm saying is that a simple browser created with Revolution
> would have no Java, active-X, or java script capabilities that could
> even remotely be considered equivalent to the security holes found each
> week in Internet Explorer.
I believe the secureMode property addresses those issues.
Fourth World Media Corporation
Rev tools and more: http://www.fourthworld.com/rev
More information about the use-livecode