One cute hack for MacOS X (... or nice internet protocol helper hacks...)

Ken Ray kray at sonsothunder.com
Tue Jan 3 15:53:55 EST 2006


On 1/3/06 2:38 PM, "Chipp Walters" <chipp at chipp.com> wrote:

> I've thought about this for sometime now.
> 
> The way to do this is take a basic player, (like Ken Ray's StackRunner)
> let's call it WebRev and tie it to a server database which validates
> "good stacks" using a checksum. Then anyone who clicks a link on a
> webpage and downloads the .rev file (or other extension?) would get a
> notice (after comparing the stack name and checksum):
> 
> This stack IS/IS NOT registered with the WebRev database. Continue at
> your own risk! Basically a poor man's certificate system. IMO, without
> such a system, either 1) products built using secureMode would be of
> little use; or 2) there would be too great a security danger.

That's a great idea, Chipp! That's definitely something cool to run with...
do you see StackRunner *only* running web-validated stacks, or also able to
run locally executed stacks? The reason I ask is that currently StackRunner
is designed in a way where a configuration file can tell it to automatically
run a stack; there's nothing saying this couldn't be extended to support
stacks at web URLs, with an additional feature being that it would check the
WebRev database for a certificate. This way, SR could validate web-based
stacks either accessed automatically when SR is 2x-clicked manually, as well
as when it is launched due to a webrev: protocol. In general, do you see any
problem with a dual/multi-purpose player app?

> I'm just not a fan of securemode, especially if one is trying to create
> a real application which runs from the web. I believe certification is
> the best way to go, and I've stated that since the early days of Java
> and ActiveX. That's one thing MS got right.

Agreed - I'm not thrilled with secure mode either.
 
> Then by adding auto-update capabilites to WebRev, one could keep it
> auto-updtaed easily. Then AJAX like apps could easily be run by just
> clicking a link on a webpage. Key point: WebRev should not be any kind
> of adware/spyware type of product. That would KILL it.

Amen, brother!


Ken Ray
Sons of Thunder Software
Web site: http://www.sonsothunder.com/
Email: kray at sonsothunder.com




More information about the use-livecode mailing list