Valid point Bob. Thank You. Useful info, Thanks Mark..... I was doing it the right way sometimes. the wrong way other times. thank you.
On Fri, Mar 30, 2018 at 12:02 PM, Mark Waddingham via use-livecode < email@example.com> wrote: > Using do safely is the same as making database queries safe, or URL > requests. > > You 'just' need to make sure that any input from outside is sanitized to > ensure that it doesn't change the meaning of the expression you are 'doing'. > > For example, don't interpolate strings directly in the script using > quotes, use a local var instead: > > put user input into tVar1 > do "put tVar1 into x" -- safe > > Rather than > > do "put " && quote & user input & quote && "into x" -- not safe > > Warmest Regards, > > Mark. > > Sent from my iPhone > > > On 30 Mar 2018, at 16:43, Tom Glod via use-livecode < > firstname.lastname@example.org> wrote: > > > > Dear Geniuses > > > > Sometimes.... late at night just before falling asleep I think about the > > dangers of the do command. Is it possible to inject code into this > > mechanism through malware? > > > > I do not have enough understanding of operating systems and their > processes > > ...and the livecode engine....to be able to know if its a reasonable > > question or not. > > > > Thanks for any input on this. > > _______________________________________________ > > use-livecode mailing list > > email@example.com > > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > > http://lists.runrev.com/mailman/listinfo/use-livecode > > > _______________________________________________ > use-livecode mailing list > firstname.lastname@example.org > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > _______________________________________________ use-livecode mailing list email@example.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode