do. command. safety. ?

Tom Glod tom at makeshyft.com
Fri Mar 30 12:49:20 EDT 2018


Valid point Bob. Thank You.

Useful info, Thanks Mark..... I was doing it the right way sometimes. the
wrong way other times. thank you.

On Fri, Mar 30, 2018 at 12:02 PM, Mark Waddingham via use-livecode <
use-livecode at lists.runrev.com> wrote:

> Using do safely is the same as making database queries safe, or URL
> requests.
>
> You 'just' need to make sure that any input from outside is sanitized to
> ensure that it doesn't change the meaning of the expression you are 'doing'.
>
> For example, don't interpolate strings directly in the script using
> quotes, use a local var instead:
>
> put user input into tVar1
> do "put tVar1 into x" -- safe
>
> Rather than
>
> do "put " && quote & user input & quote && "into x" -- not safe
>
> Warmest Regards,
>
> Mark.
>
> Sent from my iPhone
>
> > On 30 Mar 2018, at 16:43, Tom Glod via use-livecode <
> use-livecode at lists.runrev.com> wrote:
> >
> > Dear Geniuses
> >
> > Sometimes.... late at night just before falling asleep I think about the
> > dangers of the do command.  Is it possible to inject code into this
> > mechanism through malware?
> >
> > I do not have enough understanding of operating systems and their
> processes
> > ...and the livecode engine....to be able to know if its a reasonable
> > question or not.
> >
> > Thanks for any input on this.
> > _______________________________________________
> > use-livecode mailing list
> > use-livecode at lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



More information about the Use-livecode mailing list