>
>We have to protect our customers against :
>- downloading a utility and misusing it
>- downloading a bugged and dangerous mc file
>- downloading some mc-based virus
>
>I can think of 2 kind of solutions :
>
>1) solution based on signature
>The programmer put his signature in his runtime and in his stacks. When
>opening a stack, the runtime checks if the stack has the right signature.
>The process could be a "compress+encrypt" function built in the engine and a
>"decompress+decrypt" function build in the runtime.
>
Low level support (aka sockets) for digital signatures is on the top of my wish list.
Don't know much about the details, so perhaps a general discussion would help clarify?
1) What's the best strategy currently - ie for sending Credit Card information?
2) What is the undocumented Metacard encrypt function I heard/dreamt about?
3) What type of encryption is now legally exportable?
4) Are digital signitures an open standard, and what would it take to be able to get
Metacard to validate these for emails and scripts.
I came across some freely available C code a while back which dealt with a wide range
of encryption standards, but not sure if it is/was legal. Would be great to modify
these into cross platform externals - anyone?
>2) solution based on limiting the runtime
>The Navigator, MSIE or javascript have some internal limitations to forbid
>writing on the user's disk.
>Would it be possible to have in metatalk some internal flag forbiding a
>runtime to write on the user's disk but in the folder where the runtime is ?
>
Or better an array of valid folders with corresponding digital signatures...
Archives: http://www.mail-archive.com/metacard%40lists.best.com/
Info: http://www.xworlds.com/metacard/mailinglist.htm
Please send bug reports to <[EMAIL PROTECTED]>, not this list.
