Passing Parameters
Richard Gaskin
ambassador at fourthworld.com
Mon Nov 7 10:52:02 EST 2011
Phil Davis wrote:
> On Mac OS X, you can do it from the command line.
>
> 1) create a standalone app (named "Untitled1" in this example) that has this
> stack script:
>
> on startup
> dispatch $1 to me
> quit
> end startup
As an example of how to use environment variables that's an excellent
one, but for production work it may pay to be a little paranoid, taking
the view that an API like a command line is a potential point of
security exposure.
Rather than execute anything that comes in on the command line, we could
instead parse it to ensure it meets a list of acceptable commands:
on startup
switch word 1 of $1
case "ExampleCommand1"
case "ExampleCommand2"
case "ExampleCommand3"
dispatch $1 to me
default
put "Invalid command: "& word 1 of $1
end switch
quit
end startup
For the relatively low cost of double-checking the command in the string
$1 we can limit the range of things that the app can be used for.
It's a little more work, but prevents using the full range of LiveCode
to manipulate the app in unintended ways.
--
Richard Gaskin
Fourth World
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
LiveCode Journal blog: http://LiveCodejournal.com/blog.irv
More information about the use-livecode
mailing list