[EMAIL PROTECTED] wrote:
> 
> On 1/11/2000 at 2:22 PM [EMAIL PROTECTED] wrote:
> {
> I understood (or perhaps misunderstood) the original note to have
> more casual users in mind, such as students taking a class, who
> might be quizzed via scripts whose source (and data!) wouldn't be
> made public.  Is that market likely to support a serious crypto-
> cracking effort?
> }
> 
> Well, wouldn't a server-side script running as CGI do this?
> 
> I mean assuming the CGI folder is not part of the public HTML,
> and the students don't have login access to the server.
> 

For that particular example, yes.  But I was trying to focus on the
question of how industrially bullet-proof the security needed to be,
not on the particulars of the example.  A browser is not necessarily
the right tool for all situations.

I see real value in being able to send someone a file that can be
executed via REBOL without having to simultaneously give away the
source.

For example, I'm providing volunteer consulting to a local school.
I wrote the benchweb.r web server testing script while trying to help
them understand how their web site (and ISP) were performing.
(Incidentally, I did post that one to rebol.org, so sometimes I *am*
willing to give away the source.)

However, I may want to give them other scripts in the future WITHOUT
the source being quite so accessible, for a variety of reasons:

1)  I don't want to worry about someone changing the script (by
    accident or out of curiosity or whatever...) and then calling
    me to complain that it doesn't work.

2)  Some of the systems are student-accessible.  I may be willing to
    give the alpha geek some capabilities (such as stressing a web
    server during off hours) that I don't want to provide to J. Random
    Student, along with full source.

3)  There are other volunteers working there, as well as vendors and
    contractors.  They may be grown-ups, but they may also be
    competitors in other settings.  I want to be able to decide when and
    how much of my (limited supply of ;-) knowledge I leave lying around
    for free.

4)  ... and so on ...

The compiler-level source code security of Java, VB, and even C, can
probably be compared to having a deadbolt on your back door.  A
sufficiently motivated and equipped intruder can smash into anything,
if he thinks it is worth his time.  But it certainly lowers the risk,
and nearly eliminates the likelihood of the passing stranger taking a
shortcut through your kitchen or bedroom.

I'm assuming we don't want a Perl-style security model, in which the
notation is so baroque that nobody but the original author is ABLE to
read a script!  (Just kidding, Larry! ;-)

-jn-
