On Thursday, 20 November 2003 06:15, Sabu Francis wrote:
> Hi:
> Thank you Max and thank you Romano. I fixed the problem this way.
>
> I gave up the idea of using an object because, as Romano had pointed out,
> it can be insecure: when the block is converted to an object, the code
> will get executed. I cannot afford to have my users put up some arbitrary
> Rebol code inside the configuration file -- say to mail out the secret
> recipe for everlasting youth which is residing on my server :-) to them or
> do something more sinister.
>
> So now I'm using the following code
>
> ;;;Warning: Untested code
> loadCfg: function [cfgfile] [pp]
>  [
>    either error? try [ pp: load/all cfgfile]
>      [
>        return false
>      ]
>     [
>       forskip pp 2 [set first pp second pp]
>       pp: none
>      return true
>     ]
> ]
>
> The cfgfile contains parameters that are written in name value pairs using
> Rebol syntax, thus:
>
> a: {Something in the way she moves attracts me like no other lover }
> c: "Something in the way"
> c: ["she" "woos" "me"]
> d: 9
> e: [EMAIL PROTECTED]
>
>
> Using the forskip statement in my code, the appropriate global variables
> are set up. Though I don't like global variables generally (a habit picked
> up while programming in other languages), I guess I'll live with that for
> now. I am hoping that the way the globals are set up using the forskip
> statement, I would be preventing people from putting executable code into
> the configuration file.
>
> Or have I got that wrong? Is there a better way of doing it?
>

On newer Rebols there is 'construct, which creates an object but executes
nothing.

>> probe construct[hehe: print "hacked" name: "me" block: [1 2 3] object: #[object! [a: none]]]

make object! [
    hehe: 'print
    name: "me"
    block: [1 2 3]
    object: 
    make object! [
        a: 'none
    ]
]

An eventual drawback is that using the #[object! []] a lot seems to crash
sometimes. Gabriele reported problems when using it for lots of messages.
I guess it's related to the problems with unbound words.
But then it crashes completely; it does not execute code.
So your youth would be safe :)
You get the #[object![]] stuff when using save/all or mold/all, so you can
recreate objects without executing code.
Words in such objects are not bound, as with to-block, so functions there
may start, but trigger an error immediately.

-Volker
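
An added example, not part of either poster's message: one way to combine the 'construct approach described above with a whitelist, so that a configuration file can neither run code nor set words the program did not expect. It is written for Rebol 2; the schema, the sample text and the name load-cfg are assumptions made for illustration.

```rebol
REBOL [Title: "Whitelisted config loading (added example)"]

; Hypothetical schema: each allowed key and the datatype it must have.
schema: [
    a string!
    c block!
    d integer!
]

; Constructed sample input: two valid settings, one line that tries to
; run code, and one key that collides with an existing global word.
sample: {
a: "Something in the way"
d: 9
hehe: print "hacked"
send: "overwritten"
}

load-cfg: func [
    "Return an object holding only schema-approved settings, or none."
    source [file! string!]
    /local data raw cfg key type val
][
    ; load/all parses the text into a block of values; nothing is evaluated.
    if error? try [data: load/all source] [return none]
    ; construct builds an object from the set-words without running code.
    raw: construct data
    cfg: copy []
    foreach [key type] schema [
        if in raw key [
            val: get in raw key
            ; Keep the value only if it has the datatype the schema expects.
            if type = type?/word :val [
                repend cfg [to set-word! key :val]
            ]
        ]
    ]
    ; The result is a fresh object; no global word is ever set.
    construct cfg
]

probe load-cfg sample
```

Because the settings end up in their own object instead of being assigned with set, keys such as hehe or send in the file are dropped and never touch the global context.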
