>>> Uli: they will be.
>>> After all, our porting criteria also include
>>> that HyperCard virii like MerryXmas will run.
>>> Of course, we could add some protection
>>> schemes that prevent the home stack from being
>>> modified etc.
> Alain: Home for sure, but it is not the only
> sensitive component. All scripts should be
> protectable. Make sure, among other things,
> that nefarious programs like Devil's Workshop
> are effectively barred access.
> Possible?
> MP0werd:If I understand the engine,
> we can save the compiled code
> and not the plaintext representation,
> but like JAVA, even this could
> be reverse engineered, and plus, hiding code goes
> against everything open source stands for.
Alain: Nothing is full-proof. I suspected as much, but
it is not necessarily the type of protection that I
was talking about. I was mainly responding to the
threat of the merryxmas-antibody variety that
subversively changes your home stack script. The
dreaded runtime-code-changes threat, under another
guise.
Alain: I was not talking about hiding or obfusticating
our FreeCard source code. Not at all. My hopes in this
regard are headed in the opposite direction, eg
maximum clarity and documentation.
>>> MP0werd: True, but I thought we'd sandbag
>>> anything from the net.
>>Alain: Are you referring to the security procedure
>>that executes tainted code in a special protected
>>environment? (often referred to as a "sandbox")
> Yeah, for example, I believe uli or deroberts
> raised the idea that by default,
> stacks from the net would be limited to
> their own folder.
Alain: Sounds like a wonderful idea. This will
undoubtedly reassure security-minded clients that want
to limit the risk and scope of their exposure to
foreign code. Same idea underlies "CGI-bin" and other
special folders.
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
