do. command. safety. ?

Richard Gaskin ambassador at fourthworld.com
Fri Mar 30 18:02:35 EDT 2018


Tom Glod wrote:

 > Sometimes.... late at night just before falling asleep I think about
 > the dangers of the do command.  Is it possible to inject code into
 > this mechanism through malware?

Mark's discussion handled the security aspect well.

The only thing I could add would be to examine each case and determine 
if "do" is even needed at all there.

In addition to the risk of inviting arbitrary code execution, it's 
usually slower than any more direct alternative.  And its use is often 
dependent on concatenated expressions, making code more cumbersome to 
both write and read.

We used to use "do" a lot in HC, where we had to rely on it often to 
circumvent limitations with concatenated object references, variables 
with names that could not be known in advance, and others.

LC has much more intelligent handling of concatenated object 
expressions, and with arrays we can handle any number of variables where 
we need the variable name determined on the fly.

In LC "do" is still sometimes useful, but far less often.  I can't 
remember the last time I needed to use, probably a couple years ago.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com




More information about the Use-livecode mailing list