Hi Rich, @15-Nov-2003, 16:42 -0500 (15-Nov 21:42 UK time) rich gregory [RG] in mid:[EMAIL PROTECTED] said to Roelof:
RO>> Apart from that, there are no security issues for TB. TB RO>> doesn't do anything unless you tell it so. RG> I ask because (though TB! does do stuff I've told it to in it's RG> macro language) my primary concern, I suppose, is that someone RG> may SEND ME a TB macro that gets executed. TB macros are only executed when TB evaluates a template. If you have a template that refers to macros in a disk file in your attachments folder then conceivably someone could send you a malicious macro and the very next time you evoke a template (for a reply, auto-responder, new message, confirmation or forward) it could execute the malicious code. BUT!!! 1) The person sending you the code would have to know the name of the file you use. 2) You would have to have had your brain removed to write such a template that calls upon a file in the attachments folder in the first place - and then *told* someone about it! No, this is so far beyond the realms of possibility that it's not worth thinking about, let alone losing sleep over. It's the fact that macros are only executed when a template is evaluated that is key to this. This seldom happens without you instigating it. The exception is a filter action. It's up to you not to code any filters that call upon easily accessible and obvious disk files. -- Cheers -- .\\arck D Pearlstone -- List moderator TB! v2.01.26 on Windows XP 5.1.2600 Service Pack 1 '
pgp00000.pgp
Description: PGP signature
________________________________________________ Current version is 2.01.3 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
