[ANN] Stacks published on the Web

Bernard Devlin bdrunrev at gmail.com
Sun Aug 2 04:57:04 EDT 2009


I understand your concern, Coliln.  What I did was to create a new
user with no admin rights, then log in as that user and download and
run the stacks within the plugin (fast user switching makes that so
easy).   Even if a stack contained the equivalent of 'rm -rf', such a
command would only affect that temporary user's directories.

I'd be interested to know, do you never download stacks from
revOnline?  Or if you download a stack from Richard Gaskin's or Sarah
Reichelt's website, would you type 'set the secureMode to true' before
you did that?

At some level I think we need to trust the other users on this list
(especially those like Alejandro who have been around a while).  In 7
years on this list I don't remember a single instance of someone
reporting that another user had distributed malicious code.

Maybe this is going to be a serious problem in distributing apps via
the plugin.  When someone downloads an app themselves, they
(generally) don't worry about what it might do to their system.  But
when the plugin presents a warning dialog like it currently does, it
might make people reluctant to let the code run, when they would have
had no worries about running an application they had downloaded
themselves.

I don't think Flash apps running in a plugin even have the possibility
to access the filesystem.  I think users may be alarmed by the warning
that the Rev plugin throws up, because it's not behaviour they're used
to seeing within their browser.

Bernard

On Sat, Aug 1, 2009 at 5:20 PM, Colin Holgate<coiin at rcn.com> wrote:
>
> I have no idea what the other two links do, because I'm not going to allow
> permission for the stacks to write files to my hard drive.



More information about the Use-livecode mailing list