View scripts of my standalone? - Major Security Issue

Lyn Teyla lyn.teyla at gmail.com
Wed Mar 17 09:59:31 EDT 2010


If I remember correctly, there is a long-standing security
issue where anyone can view the stack scripts of ANY Rev
standalone by doing a "memory dump" WHILE the app is running.

This works EVEN if all stacks are completely password
protected (and therefore encrypted)!

Apparently this is caused by the RunRev engine decrypting
and reading the scripts into memory and keeping them there
in clear text for as long as the app/stacks are open.

I have no idea how to do a memory dump, but I'm sure many
do, and this security issue has kept us away from deploying
major apps using Rev.

By the way, this could also mean that the same security issue
plagues the browser plugin, if the same method of running
stacks is used.

This can be a major problem especially if the scripts contain
sensitive details such as database logins and so forth.

Can anyone from RunRev confirm if this major security issue
has been resolved?

Also, can anyone who knows how to do a memory dump provide
details on how this is done, so we can verify if this is
still happening for standalones built using the latest version
of Rev, and so that Kee can extract the needed scripts?


Kee Nethery wrote:

> Is there a way to view the scripts in the standalone or does runrev purposefully make that difficult?
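
A defender-side way to run the verification the post asks for, as an added example that is not part of the original message: plant a unique marker in a script of your own password-protected stack, take a memory image of your own running standalone, and search the image for the marker. The marker value, the function names and the sample bytes are assumptions constructed for illustration; the page does not say how the engine stores script text, so the search covers 8-bit and UTF-16 forms.

```python
import io

# Hypothetical canary: a unique marker placed in a script comment of your own
# protected stack before building the standalone (constructed value).
CANARY = "CANARY-7f3a-script-cleartext-check"

def canary_encodings(canary):
    """Byte patterns to search for; script text may be held as 8-bit or UTF-16."""
    return {
        "ascii": canary.encode("ascii"),
        "utf-16le": canary.encode("utf-16-le"),
        "utf-16be": canary.encode("utf-16-be"),
    }

def find_canary(stream, canary, chunk_size=1 << 20):
    """Return sorted (offset, encoding) hits for the canary in a binary stream.

    Reads in chunks and carries an overlap tail forward so a match that
    straddles a chunk boundary is still found.
    """
    patterns = canary_encodings(canary)
    overlap = max(len(p) for p in patterns.values()) - 1
    hits = set()          # a set, because the overlap region is scanned twice
    tail = b""
    base = 0              # file offset of the first byte of tail + chunk
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pat in patterns.items():
            pos = window.find(pat)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(pat, pos + 1)
        tail = window[-overlap:]
        base += len(window) - len(tail)
    return sorted(hits)

def constructed_dump():
    """Constructed stand-in for a memory image (not real process memory)."""
    return (b"\x00" * 37 + CANARY.encode("ascii") + b"\xff" * 100
            + CANARY.encode("utf-16-le") + b"\x00" * 11)

if __name__ == "__main__":
    for offset, enc in find_canary(io.BytesIO(constructed_dump()), CANARY):
        print(f"cleartext canary at offset {offset} ({enc})")
```

An empty result on a real image only shows the marker was not found in these encodings; any hit confirms that script text was present in clear text while the application was running.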


