load command security holes?
Richard Gaskin
ambassador at fourthworld.com
Tue Jul 27 16:59:02 EDT 2004
Mark Brownell wrote:
>
> On Tuesday, July 27, 2004, at 01:10 PM, Brian Yennie wrote:
>
>> Mark,
>>
>> Using load URL shouldn't ever be able to execute any code or open a
>> stack. I would be different if you were using a "go stack" or "open
>> stack" with a URL, but load URL should only download, and won't treat
>> such as a stack unless you explicitly address it that way in your own
>> code.
>
> Great, glad to hear it. I've just discovered a mob of interested
> customers charging at me to get my MTML browser. One of my sales persons
> has an entire company that wants to use it. Two people want the
> government to use it. It would take a day to make it a vertical browser
> with a company wide customized file format that would not surf outside
> the company network. So, sports fans, there's good business in the
> FUD/browser security market.
>
> Build a browser, include a unique file format, add encryption, and
> market it for vertical markets. Thanks Rev!
There's another benefit: every year employers lose billions in
employees surfing the Web for non-work-related stuff. With custom tools
for Internet-delivered content a la RevNet and MTML employers can get
info to their employees without also giving them the equivalent of a
GameBoy.
--
Richard Gaskin
Fourth World Media Corporation
___________________________________________________________
Ambassador at FourthWorld.com http://www.FourthWorld.com
More information about the use-livecode
mailing list