Tom Glod wrote:

> Sometimes.... late at night just before falling asleep I think about
> the dangers of the do command.  Is it possible to inject code into
> this mechanism through malware?

Mark's discussion handled the security aspect well.

The only thing I could add would be to examine each case and determine if "do" is even needed at all there.

In addition to the risk of inviting arbitrary code execution, it's usually slower than any more direct alternative. And its use is often dependent on concatenated expressions, making code more cumbersome to both write and read.

We used to use "do" a lot in HC, where we had to rely on it often to circumvent limitations with concatenated object references, variables with names that could not be known in advance, and others.

LC has much more intelligent handling of concatenated object expressions, and with arrays we can handle any number of variables where we need the variable name determined on the fly.

In LC "do" is still sometimes useful, but far less often. I can't remember the last time I needed to use, probably a couple years ago.

 Richard Gaskin
 Fourth World Systems
 Software Design and Development for the Desktop, Mobile, and the Web

use-livecode mailing list
Please visit this url to subscribe, unsubscribe and manage your subscription 

Reply via email to