Rev as server immune to buffer overflow?

MisterX b.xavier at internet.lu
Fri Apr 22 13:12:44 EDT 2005


Richard,

I'm glad you asked this but I didn't want to scare the community... ;)

Buffer overflows only affect CPU register handling. Macs have data and
execution (scripts ;) registers in their CPUs while PCs have a mixed register
where the malicious calls can be "faked"... Data becomes "script" and voila
- compromised! Macs are immune more or less. And I guess PC makers are
trying to fix that too...

I wouldn't be concerned with them as much as securing a transaction protocol
before doing any net negotiation... Or making a secure registration protocol
for securing your software. Etc, etc...

Beware, there's a zillion more security holes worse than those. I know a lot
in Rev but hell I'm gonna tell ya! Just today, we got some free tickets
to a race in zolder.be through a stupid web-form where you could add your
name to print the ticket in the URL ;)) Just an example...

So, regarding a past mail against Tuv's RSA examples, the best security is
through education, nothing more. I have a PC, web server, MySQL, and I've
been able to plug each hole and rarely, rarely get a virus (2 in 4 years
without damage) - spyware took me by surprise once... and that will go even
through Chipp's ieexplorer plugin - left open by default by the software
maker again? OK, I didn't know it, it's patched now... No big deal. But
thanks to backups and "reasonable" usage, there's no danger!!! If you want
real security buy it or learn it... It only took 20 rules to rule out most of
my spam! Things like that just take the user's ingenuity, nothing more...

There's no substitute for education.

Xav
http://monsieurx.com

> -----Original Message-----
> From: use-revolution-bounces at lists.runrev.com 
> [mailto:use-revolution-bounces at lists.runrev.com] On Behalf Of 
> Richard Gaskin
> Sent: Friday, April 22, 2005 18:36
> To: How to use Revolution
> Subject: Rev as server immune to buffer overflow?
> 
> I vaguely recall someone quoting Scott Raney as saying that 
> buffer overflow issues aren't a concern when building any 
> socket apps with the engine.
> 
> Do I recall correctly?  Any of you have more background on that?
> 
> --
>   Richard Gaskin
>   Fourth World Media Corporation
>   __________________________________________________
>   Rev tools and more: http://www.fourthworld.com/rev 


