From: Andy Dent <[EMAIL PROTECTED]>
Date: Tue, 16 May 2006 09:50:09 +0800
[Ronald] It appears you can no longer pass an object through the
context in either way.
[Mars] You were never supposed to be able to do that in the first
place;
[Ronald] I gave it quite a bit of thought, but can't find a valid
reason for denying this feature in RBScript.
Think harder and think about Design by Contract and subverting
meaning :-)
I think this is one of the most fundamental reasons why people can
trust using RBScript for scripts exposed to the end-user.
At the very least, if RS gave in to pressure and implemented this
feature I would demand that they do it with
1) an optional flag
2) that the option default to OFF for object-passing support so
nobody can be surprised by it being suddenly available.
I am glad to hear that RS have tightened security by closing this
inadvertent loophole.
Erm...
Except that this technique goes against library and script design in
just about every other language, or at least every other popular
language :(
If you think we can't trust RBScripts, what's to say we can trust
perlscripts? Is it really a good idea to assume that everyone will be
uploading their own custom RBScript onto your website's frontpage??
I mean, if they can harm something by putting in a bad RBScript that
"commits the horror of passing an object around", what's to say they
can't do something bad by printing a naughty string?
Seriously, I think you don't know enough about script usage and library
design.
Even perlscripts allow other perlscripts to pass around data.
Do you think perl is less popular because it doesn't have this
"Security feature"?
Or that the perl community would burn its maker's house down if he
decided to impose this sort of restriction?
It's all very well in theory saying that because perhaps maybe there
could possibly be one time when a bad result could happen.
But what about the proof and real world examples from real world
users where they really have valid reasons to pass around objects,
right now?
The simple solution would be to just make it so that we CAN pass
objects, typed objects. Wouldn't that increase security? Because if
you pass a typed object, you can't get people passing through bad
objects posing as a different class.
It's all very well trying to sound reasonable, in the tiny
sandbox world of realbasic, when the rest of the big wide world is
too busy using solutions that directly contradict what you are
saying, to want to come in here and disprove you and show that your
reasonable act isn't quite it.
--
http://elfdata.com/plugin/