load command security holes?
Mark Brownell
gizmotron at earthlink.net
Tue Jul 27 16:02:49 EDT 2004
Hi,
How secure is the load command in Rev standalone applications?
When I use "load URL myURL," is it possible ever to download a harmful
executable application that could some how escape or run from or within
the cache? I'm not considering that the file being downloaded would be
a stack. In other words it should only be a text file or an MTML file.
But what would happen if a user created a link to a stack file that
would then save itself or do something else? Would that stack file
somehow run or start on its own while in the cache? Something like that
could be used to destroy global vars in the simplest form of malicious
activity.
I guess what I'm saying is that a simple browser created with
Revolution would have no Java, active-X, or java script capabilities
that could even remotely be considered equivalent to the security holes
found each week in Internet Explorer.
Thanks for any advice,
Mark
More information about the use-livecode
mailing list