Dar Scott wrote:
On May 25, 2005, at 10:45 AM, Richard Gaskin wrote:
We already have a secureMode property, and a spec has been provided
for a requested secureFolder property to help secureMode be useful.
I guess I don't know how to use this properly.
Do I type this into the message box?
shell( "revolution -f somestack.rev" )
Is a separate copy of Revolution then run?
SecureMode is documented -- it's a global which governs whether the
engine will have access to file I/O, AppleScript, shell, etc.
Also, I thought this still allows access to files and network
communication. One of the problems with the Java sandbox is that it
allows to much.
Yes, net access is allowed in secureMode, but not file I/O (the
secureFolder request would allow file I/O restricted to a specified
directory and limit the amount of data that could be written there).
So while secureMode addresses viruses it doesn't currently address
spyware. However, if I understand it correctly the scope of such
spyware is severely limited with secureMode on, effectively to those
things in memory during the current session.
Looking at RevOnline it appears that the concept of "trusted" sites
has already been implemented -- is it not documented?
Where are you looking?
The v2.5 docs describe a host of security and encryption options,
including secure sockets, and watching messages shows calls named
rvoSecureStatus, rvoSecureCancel, and ulIsSecure.
Not sure what they do, but since Rev is aware of security concerns and
RevOnline premiered when secure sockets premiered it would seem
reasonable that they use secure sockets to validate channels.
--
Richard Gaskin
Fourth World Media Corporation
__________________________________________________
Rev tools and more: http://www.fourthworld.com/rev
_______________________________________________
use-revolution mailing list
[email protected]
http://lists.runrev.com/mailman/listinfo/use-revolution
