World: r3wp

that is why even normal View is not able to get control panel proxy 
setting

Brian's suggestion might work, but not sure Josh will do it, as he 
already suggested we should contact Carl, to fix View code involved 
...

ok, my bad understanding

no persistent sandbox? what do you mean, please? Are you suggesting, 
that our plug-in apps, should not rely on local storage? I am not 
sure I like it ...

Imagine plug-in version of IOS. Currently the sand box is in Temp 
dir, which get's purged by control panel setting. I don't want to 
lose MY local data :-)

I have gone over this before - the key word is anonymous.

maybe I don't understand what you mean ....

Josh's aforementioned secure source code was something I suggested. 
The other part of the suggestion was that every secure script would 
be cryptographically signed by an SDK license key, or some other 
way for RT to trace the author of the script. Only those signed scripts 
would be allowed to store persistent data in a sandbox without the 
attempt to do so prompting the user with a security requestor.

so in your opinion, plug-in should not be allowed to write even in 
sandbox dir?

Scripts that aren't cryptographically signed (anonymous scripts) 
would be limited in what they can do on your system.

my question was a bit different, though. Let's imagine your proposed 
secure way, so I can use it for some app, to sync some data to user. 
The problem for me is the sandbox placement - in system Temp dir, 
which can be purged via control panel. I am not sure I like it, if 
there is possibility I could loose my synced data. Or am I missing 
something?

Your last reaction to when I brought this up:

OK - one thing is clear now - "What would you let your worst enemy 
do with your computer?" should be a saying for Rebol plug-in .... 
now just how to represent it ...

My suggestion was just for anonymous scripts. Signed scripts could 
get a sandbox, probably somewhere under %appdata%.

Did it take long time for you to dig it up? :-)

I just had to look for the last point in the history where I posted. 
Security seems to be a recurring theme in my posts. :)

btw - what do you mean by "should not get a persistent sandbox at 
all" - do you mean it should not be allowed to write to temp at ll, 
just use memory? Or just by anonymous you mean randomly generated 
"anonymous" directory somewhere in Temp directory?

Isnt' this a bit over the top?  What about cookies ?

No, just use memory. No cookies except browser cookies - there should 
be a way to access them, similar to how do-browser lets you access 
JavaScript. Perhaps a wrapper function around do-browser could work 
for now.

although some storage for graphics-heavy things would be nice.

Brain - are you suggesting so tight security for us rebollers only, 
or do also other plug-ins use such limited environment? (although 
I am starting to understand, that there should be NO way of how to 
harm your computer, or it will be regarded - unsecure)

I don't want there to be any need for people to make a REBOL-blocker 
like FlashBlock or NoScript.

(both of which I use,  btw)

i would not go oncrypto only but also on "allow website", like noscript

Yes, we need better security requestors too.

yes, and remembering such things. maybe asking on start to allow 
access to last session. if denied sandbox is cleared.

that is one extra click

Volker, I agree that some graphics-heavy scripts could use local 
storage. Those scripts could easily be signed though.

There should also be a way to provide access to the browser's objects. 
The browser already caches those, and that cache is managed by code 
that the user is already trusting.

signing needs keys. then we need a free registry if we want all the 
newcomers to have fun.

and allowing access based on url is IMHO the most natural way.

Actually, there is a lot that you can do even within those restrictions. 
Just look at Flash.

but there could be done more :)

speciallly when things start. later onecan optimize, but thefirst 
 protoype-bitmaps can be large.

and if you cancel "reuse last session" and check "forever" you are 
pretty much anonymous.

Well then, the question you should consider when thinking about newbies 
is this: What would you let your worst enemy do with your computer? 
This is the web. We aren't talking about saints here - we are talking 
about people who use baner ads to install spyware.

I did ask. cant see doors for banner-adds nor spyware.

Banner ads are on web pages. You can make banner ads with Flash, 
and that is less dangerous than the current plugin.

files are a risk to privacy if they cant be blocked. that reuse-question 
does this. and they can be prepared to be run, eg called *.exe and 
hoping the user some day clicks on them. so i suggest a wrapper, 
maybe store everything as rebol[]#{stuff} or in a single zip or something.

i thought we talk about local storage. what has that to do with banner-addds?

wouldn't e.g. local storage limited to say 20 MB be sufficient "security"? 
Hmm, should read that Flash security doc first probably :-)

As I've mentioned here before, there many nasty things you can do 
with the present plugin and I don't want to make suggestions on a 
web-public group. Go private if you want some ideas - I trust you 
not to misuse them.

I read the Flash security doc, and it has many good ideas. I'm still 
a little iffy about it providing cookies to anonymous scripts without 
providing a management interface - that's why I still use FlashBlock.

how can cookie harm you?

I mean Flash cookies - browser cookies do have a management interface.

Cookies can be used to track your movements, and can be used as persistent 
distributed storage.

I trust you gurus for proper security concerns, however let's not 
forget us - the end users, where over complication does not work. 
Even Vista is being reduced in such regard - way too many obtrusive 
security requestors to users. In other words, - don't bother end 
user with questions he knows sh*t about their meaning anyway:-)

Imagine if Google used the plugin for their ads - they would be able 
to store their whole database distributed amongst the computers of 
everyone on the internet. Would a security requestor be able to explain 
that to a newbie?

no

The advantage to cryptographic signing isn't just being able to track 
down an author, it also allows certificate revocation. With a free 
registry, revocation wouldn't matter - the bad guys would just register 
again.

askiing user e.g. what you discussed here - "do you want your previous 
cache to be deleted?" would result to "What is cache?" in 99% and 
users would press "Yes" .... or "no" .... :-)