do. command. safety. ?
Richard Gaskin
ambassador at fourthworld.com
Fri Mar 30 18:02:35 EDT 2018
Tom Glod wrote:
> Sometimes.... late at night just before falling asleep I think about
> the dangers of the do command. Is it possible to inject code into
> this mechanism through malware?
Mark's discussion handled the security aspect well.
The only thing I could add would be to examine each case and determine
if "do" is even needed at all there.
In addition to the risk of inviting arbitrary code execution, it's
usually slower than any more direct alternative. And its use is often
dependent on concatenated expressions, making code more cumbersome to
both write and read.
We used to use "do" a lot in HC, where we had to rely on it often to
circumvent limitations with concatenated object references, variables
with names that could not be known in advance, and others.
LC has much more intelligent handling of concatenated object
expressions, and with arrays we can handle any number of variables where
we need the variable name determined on the fly.
In LC "do" is still sometimes useful, but far less often. I can't
remember the last time I needed to use it, probably a couple years ago.
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
Ambassador at FourthWorld.com http://www.FourthWorld.com
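
The substitutions described in the message above, as an added LiveCode example that is not part of the original post: a "do" statement built by concatenation, next to the direct object reference and the array that replace it. The handler names, the "Score" field naming and the sPrefs array are hypothetical.

```livecode
local sPrefs -- script-local array (hypothetical): keys are data, never compiled

-- Before: the object name is assembled into a statement for "do".
-- Whatever pIndex contains becomes part of the script that is compiled and run.
command setScoreWithDo pIndex, pValue
   do "put pValue into field" && quote & "Score" & pIndex & quote
end setScoreWithDo

-- After: the concatenated name is resolved as an object reference,
-- so pIndex is only ever treated as a string.
command setScore pIndex, pValue
   if pIndex is not an integer then return "invalid index"
   if there is no field ("Score" & pIndex) then return "no such field"
   put pValue into field ("Score" & pIndex)
end setScore

-- After: a name decided at run time is an array key, not a variable name.
command setPref pName, pValue
   put pValue into sPrefs[pName]
end setPref

function getPref pName
   return sPrefs[pName]
end getPref
```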