"opus.species" wrote:
>
> As most people on this list i downloaded and tested the portal of
> Sivakatirswami.
> That's a great job !
> Until now, the "computer based training" solutions where based on java (cf
> toolbook) or shockwave or flash. It was difficult to program and/or heavy to
> download.
> Sivakatirswami's solution is light, powerful and elegant.
>
> But we have now to consider the security...
>
> A *.mc app can do anything : destroy all the data of a computer, use a
> computer to destroy all the data on a network, ...
>
> We have to protect our customers against :
> - downloading a utility and misusing it
> - downloading a bugged and dangerous mc file
> - downloading some mc-based virus
>
> I can think of 2 kind of solutions :
>
> 1) solution based on signature
> The programmer put his signature in his runtime and in his stacks. When
> opening a stack, the runtime checks if the stack has the right signature.
> The process could be a "compress+encrypt" function built in the engine and a
> "decompress+decrypt" function build in the runtime.
1.1) Why not as an RSA public/private keys encryptation system, stored, as a
metatalk script, in an encrypted client-side home stack or its substitute,
suitable, without any changes, with the actual 2.3.1 issue of MC ?
>
> 2) solution based on limiting the runtime
> The Navigator, MSIE or javascript have some internal limitations to forbid
> writing on the user's disk.
2.2) Not realy secure. It's not difficult to pass trough those limitations
(activeX, sockets using perl, php or mc on the server-side, etc...).
> Would it be possible to have in metatalk some internal flag forbiding a
> runtime to write on the user's disk but in the folder where the runtime is ?
>
> Archives: http://www.mail-archive.com/metacard%40lists.best.com/
> Info: http://www.xworlds.com/metacard/mailinglist.htm
> Please send bug reports to <[EMAIL PROTECTED]>, not this list.
Cheers, Pierre Sahores
WEB, DB, B2B & ASP design.
There are countries where people
have six fingers because they
don't know the metric system.
Sir Jean Yanne
Archives: http://www.mail-archive.com/metacard%40lists.best.com/
Info: http://www.xworlds.com/metacard/mailinglist.htm
Please send bug reports to <[EMAIL PROTECTED]>, not this list.
