load command security holes?

Richard Gaskin ambassador at fourthworld.com
Tue Jul 27 15:13:59 CDT 2004

Mark Brownell wrote:

> Hi,
> How secure is the load command in Rev standalone applications?
> When I use "load URL myURL," is it possible ever to download a harmful  
> executable application that could some how escape or run from or within 
> the cache? I'm not considering that the file being downloaded would be a 
> stack. In other words it should only be a text file or an MTML file. But 
> what would happen if a user created a link to a stack file that would 
> then save itself or do something else? Would that stack file somehow run 
> or start on its own while in the cache? Something like that could be 
> used to destroy global vars in the simplest form of malicious activity.
> I guess what I'm saying is that a simple browser created with Revolution 
> would have no Java, active-X, or java script capabilities that could 
> even remotely be considered equivalent to the security holes found each 
> week in Internet Explorer.

I believe the secureMode property addresses those issues.

  Richard Gaskin
  Fourth World Media Corporation
  Rev tools and more:  http://www.fourthworld.com/rev

More information about the use-livecode mailing list