>No, FTP keeps a control connection open. Takes all of
> PORT aaa,bbb,ccc,ddd,eee,fff
> RETR filename
>to get a file with FTP. Still requires a separate connection, though.
>Which must be opened and closed after every file.
Does it take much time to open/close a connection? If not, we could
go with FTP.
>If we have small cards, there is no good reason not to put a bunch
>in one file.
Well, 500 small cards could still result in a file of 1MB being
downloaded even if the user only wants to access one of them. We can
later add in the feature to group cards (e.g. if some cards are used
for an animation), but as a default behaviour splitting on a per-card
basis sounds reasonable to me.
>If done improperly. But no reason there can't be a property to allow
>changing over the web. Could be useful on company intranets, for
>example.
Well, whatever. I just thought since the most common and secure use
is only allowing viewing, this would be the best choice.
>A special folder next to the stack really does not make sense when the
>stack is on the web. There are many considerations for stacks on the
>web. Consider:
>
> - if a stack is running from the web, may it call other stacks?
>     - from the web?
>     - local?
>         - if a local stack is called by one on the web, can
>           it modify files? Call XThings?
>             - what if one catches and passes or resends
>               an open message? How do we handle that?
Web deployment would probably work using a special copy of FreeCard
which has all security-sensitive commands turned off. It would be
able to run external stacks, but they wouldn't be able to run XCMDs
etc.
> - if a web stack can not call other stacks, how does it use all the
> handlers in the home stack?
There would be no home stack for web stacks. They'd have to add the
handlers they use to their project, like with HC standalones. Or we'd
lock the home stack, which means it's the only stack web stacks can
call, and you can't change the home stack via the web.
> - can a web stack generate network traffic?
> - what information is a web stack allowed to gather?
>     - can it query machine info, FreeCard info, Internet Config
>       info, etc.?
>         - if so, how do we prevent privacy violations?
>         - if not, how does it check for bugfixes, feature
>           availability, etc.?
>         - do we have to do a taint check on all
>           variables, buttons, fields, files, etc.
>           to prevent privacy violations?
>             - if so, what about using "if"
>               statements -- e.g.
>                 if (version < 2) then
>                   -- send list of exploits for
>                   -- versions less than 2 to
>                   -- server
Allowing detection of the FreeCard version should be enough. Maybe we
could even allow detecting availability of certain commands (e.g.
check whether it has movies) but this wouldn't indicate whether it's
QuickTime or xanim or RealPlayer, or what version.
As for generating network traffic, I think we'd have to allow that.
Of course we could restrict that to the server the streamed file
resides on.
>Lots more things, too. Writing security & privacy aware apps can be a pain.
Cheers,
-- M. Uli Kusterer
------------------------------------------------------------
http://www.weblayout.com/witness
'The Witnesses of TeachText are everywhere...'