on 8/13/2000 11:29 PM, Scott Raney <[EMAIL PROTECTED]> replied to
"opus.species" <[EMAIL PROTECTED]>:
>>
>> But we have now to consider the security...
>>
>> A *.mc app can do anything : destroy all the data of a computer, use a
>> computer to destroy all the data on a network, ...
>
> Just like any email message sent to a person using an unpatched
> version of Microsoft Outlook! Indeed, the latest exploits don't even
> require you to *read* the message, let alone open an attachment...
>
>> 2) solution based on limiting the runtime
>> The Navigator, MSIE or javascript have some internal limitations to forbid
>> writing on the user's disk.
>> Would it be possible to have in metatalk some internal flag forbiding a
>> runtime to write on the user's disk but in the folder where the runtime is ?
>
> Something like this is already in there: Setting the "secureMode"
> property to true prevents accessing files or running subprocesses on
> the current system. You can set it to true in a startup handler (once
> set to true, it can never be set back to false for that session), or
> on Windows and UNIX, by passing "-f" on the command line.
> Regards,
> Scott
But you can't set this for a standalone app you are running, can you?
Some programs need a file access. MetaCard is a *very* powerful environment
and can do things many other programs cannot.
So we are back to the old warning, caveat emptor -- let the buyer beware! If
you don't know what you are downloading and running, you are taking your
computer's health into your own hands.
So, be careful what you do! And keep backups!
Raymond
Archives: http://www.mail-archive.com/metacard%40lists.best.com/
Info: http://www.xworlds.com/metacard/mailinglist.htm
Please send bug reports to <[EMAIL PROTECTED]>, not this list.
