World: r3wp

i don't know, have you found any? :)

those exist already

you've had 2 years ;-)

Infinite popups are blocked ..I think there's a limit.

Seriously, I'd love a list of any security problems that you guys 
have encountered as you've used the plugin.

And please feel free to hack at it, try exploting buffer overruns, 
etc.

We want to catch those things now.

just please send me a note privately if you find one :)

I haven't seen any, but then I've not tried to break security ..

no, we're nice people

My chat client also runs in the plugin ...

oh cool, can you send me the URL? i'd love to check it out

Working on that.

though I note I had to run a dummy window first otherwise the client 
run inside the browser window instead of as a separate window

http://www.compkarori.com/reb/

If the chat client wipes your hard drive, consider it a security 
exploit!

Problem: the security certificate for IE has expired (about 2 months 
ago). We will need to renew it.

until then, we can't post the 1.3.2 version.

Anyone have a good low-cost source of certificates?

code signing certificates

if you post it, it won't install under IE now?

Otherwise, we'll go back to Thawte.

no, it won't install without a valid certificate.

(The vender certification process can take a lot of time... they 
have to verify that we are "good guys".)

So, we're probably locked into Thawte.

Otherwise it can take a week.

has it been tested under IE7 as well?

No, I don't have it installed...if someone does, please tell me how 
it goes.

graham, how do i register for an account with your chat program?

at the login page, there's a register button.

I guess Eliza wasn't too helpful?

no ha ha that was funny

We're trying to get the mozilla stuff posted. That's not packaged 
for installation yet (that's 5% of the missing 10%).

But you can copy the files to FireFox\plugins, so it's not that hard.

OK, so I want to get a discussion started. What do you guys want 
to see in the next version of the plugin?

well, I'm not sure what the level of ambition is for the next version?

1.3.2 is going out as-is, just an upgrade to the latest rebol viewdll.

but at some point it'll be essential to run encapsulated scripts 
and use secure connections

1.3.3 is a feature upgrade, so i'm open to ideas...as long as it 
doesn't rely on something in rebol 3, we can look at it.

is it in any way tied in with the SDK? is it possible to do /pro 
or /command stuff?

Not sure on that, I need to check with Carl....I think I understand 
your overall question though, can we make a version of the plugin 
that supports pro/command right?

I need the plugin for an application that could potentially be used 
for a few thousand users in an open enterprise environment, but signed 
scripts and security are essential there.

got it. we'd have to look at some sort of licensing.

maybe have rebol in the plugin download a license from a web server 
or something like that.

we'd have to figure out a way to prevent others from using your license.

A way to protect plugin source code

A way to add higher order encryption

is a must...

in short, we have to make sure that the right users are running the 
script and only those users have access to data (customers, accounting, 
etc.)

encrypting the source?