load command security holes?

Richard Gaskin ambassador at fourthworld.com
Tue Jul 27 15:59:02 CDT 2004


Mark Brownell wrote:
> 
> On Tuesday, July 27, 2004, at 01:10 PM, Brian Yennie wrote:
> 
>> Mark,
>>
>> Using load URL shouldn't ever be able to execute any code or open a 
>> stack. I would be different if you were using a "go stack" or "open 
>> stack" with a URL, but load URL should only download, and won't treat 
>> such as a stack unless you explicitly address it that way in your own 
>> code.
> 
> Great, glad to hear it. I've just discovered a mob of interested 
> customers charging at me to get my MTML browser. One of my sales persons 
> has an entire company that wants to use it. Two people want the 
> government to use it. It would take a day to make it a vertical browser 
> with a company wide customized file format that would not surf outside 
> the company network. So, sports fans, there's good business in the 
> FUD/browser security market.
> 
> Build a browser, include a unique file format, add encryption, and 
> market it for vertical markets. Thanks Rev!

There's another benefit:  every year employers lose billions in 
employees surfing the Web for non-work-related stuff.  With custom tools 
for Internet-delivered content a la RevNet and MTML employers can get 
info to their employees without also giving them the equivalent of a 
GameBoy.

-- 
  Richard Gaskin
  Fourth World Media Corporation
  ___________________________________________________________
  Ambassador at FourthWorld.com       http://www.FourthWorld.com


More information about the use-livecode mailing list