On Thursday, August 7, 2003, at 01:24 PM, Richard Gaskin wrote:
Mark Talluto wrote:
In the non-password-protected stack, all three text strings are readable. In the password-protected stack none of them are.
It seems a change was introduced in the engine at some point that now provides complete protection for all three types of data storage.
I just did another test in MC 2.5:
While it is true that the data is safe in a text editor, it is not safe
when you do the following:
Try opening that stack you created in MC. You can not get to the script data, but you can surely open up the custom property and read what you put in there.
Good point. But while there mare good reasons to have self-modifying
scripts, I'm not sure that having script space double as data storage is the
optimal answer. Ironically the habit began with users of HC and OMO,
neither of which provided options for protecting scripts at all....
Maybe better would be a development-level password protection: when the
devPasskey is set, before a stack can be opened in any IDE it would need to
have a matching devPassword.
Of course one could build their own IDE, but if the data's that interesting
it really needs something stronger than the engine's DES-based encryption
anyway.
Ahhh...another good point. We do need a better solution for encryption of data in stacks.
Best regards, Mark Talluto http://www.canelasoftware.com
_______________________________________________ metacard mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/metacard
