ANN: revHTTPd next generation (please read, many many goodies inside)

Andre Garzia soapdog at mac.com
Tue Jan 20 12:20:11 EST 2004


On Jan 20, 2004, at 4:50 AM, Simon Brown wrote:

> Wow. Very interesting. Will have to spend some time playing around 
> with this.
>
> Wondering about the security aspects of this though. Could a carefully 
> designed stack with this feature be safe? Would the data have to be 
> locked (static) only?
>
> Simon.
>

Simon,

there are some security flaws by design... You can access any stack, 
you can send any message to any stack available... this is sure a flaw, 
or a opportunity. While running in a standalone there's not much harm 
one can do this way, but in the IDE the revIDE stacks are available... 
that's bad...

Also with INFORM you can write data and read data from anystack... but 
it was designed that way. The best way to address security is to create 
  custom properties for blessed stacks and blessed messages, this way 
one can use only that, but that proved to be a huge drawback in the 
framework.

When I release the code this week, you'll see that the engine is pretty 
simple, and adding more robust security to it can be done... I've got a 
internal version with a frontscript that does that for me... but that 
won't be released, it's alpha.

Cheers
Andre



>
Andre Alves Garzia ð 2003 ð BRAZIL
http://www.soapdog.org



More information about the use-livecode mailing list