load command security holes?
Brian Yennie
briany at qldlearning.com
Tue Jul 27 16:10:33 EDT 2004
Mark,
Using load URL shouldn't ever be able to execute any code or open a
stack. I would be different if you were using a "go stack" or "open
stack" with a URL, but load URL should only download, and won't treat
such as a stack unless you explicitly address it that way in your own
code.
HTH,
Brian
> How secure is the load command in Rev standalone applications?
> When I use "load URL myURL," is it possible ever to download a harmful
> executable application that could some how escape or run from or
> within the cache? I'm not considering that the file being downloaded
> would be a stack. In other words it should only be a text file or an
> MTML file. But what would happen if a user created a link to a stack
> file that would then save itself or do something else? Would that
> stack file somehow run or start on its own while in the cache?
> Something like that could be used to destroy global vars in the
> simplest form of malicious activity.
More information about the use-livecode
mailing list