World: r3wp
[!REBOL3]
| older newer | first last |
| Graham 21-Jan-2010 [58x2] | But most people would send the request as a dialect and let the other side do the query. |
so, if you can cryptographically sign your function ... and then send it ... well. | |
| Janko 21-Jan-2010 [60x3] | if each internal system is secure on it's own owerall security is better. for example if you controll the client in this story too you think you all is well, but you could still crash the server by mistake, for example owerwriting some global variable of it, and input data that you get from users (in case of an webapp) can then include various techniques for code injections (like they do now with SQL injections) |
cryptograpically sending it wouldn't help in two examples I gave | |
because in both the main point is that you can't trust yourself 100% | |
| Graham 21-Jan-2010 [63] | if you can't trust .. don't do it. |
| Janko 21-Jan-2010 [64] | what if runtime provided sandboxing. I know I know much too little about rebol but I imagine with all the good stuff it does something like this would not be theoretically impossible ? |
| Sunanda 21-Jan-2010 [65] | A sandbox is a long-time wish of mine: http://www.rebol.org/ml-display-thread.r?m=rmlNVBC REBOL3's security policies start to make it possible: http://www.rebol.com/r3/docs/functions/secure.html |
| Graham 21-Jan-2010 [66] | you would have to protect all your globals! |
| Janko 21-Jan-2010 [67] | yay! now it's a wish of two :) |
| Graham 21-Jan-2010 [68] | Let's move this to another group ... |
| Janko 21-Jan-2010 [69] | ok which one? |
| Graham 21-Jan-2010 [70] | You choose ... |
| Janko 21-Jan-2010 [71] | I can hardly ever find what to post where here :=) |
| Graham 21-Jan-2010 [72] | Try core ... |
| Graham 22-Jan-2010 [73] | Anyway to clear the screen in the console short of starting a new session? |
| Pekr 22-Jan-2010 [74] | you might try with con: open console://, but dunno how to proceed. Nor insert nor write works on that port ... |
| Graham 22-Jan-2010 [75x3] | >> probe system/schemes/console
make object! [
name: 'console
title: "Console Access"
spec: none
info: none
actor: make native! [[end!]]
awake: none
]
|
doesn't seem to do much ... | |
slightly less functional than the dns scheme
== make object! [
name: 'dns
title: "DNS Lookup"
spec: make object! [
title: none
scheme: none
ref: none
path: none
host: none
port-id: 80
]
info: none
actor: make native! [[end!]]
awake: make function! [[event][print event/type true]]
]
| |
| Pekr 22-Jan-2010 [78x2] | :-) |
unbelievably .... how much functionality we miss even compared to R2. And we dare to call it "soon"-to-be-beta product | |
| Graham 22-Jan-2010 [80] | It does have more functionality than rebol1 beta ... |
| Pekr 22-Jan-2010 [81x2] | and more than 0.9x alpha ... I still have one somewhere :-) |
We have to wait a bit for Carl to come-up from his cave ... hopefully he is cooking something here or there :-) | |
| Graham 22-Jan-2010 [83x3] | see .. it could be worse |
looks like his still doing site maintenance http://twitter.com/rebol3 | |
oh well... time to play with the host kit. Downloading visual studio 8 ... | |
| Andreas 22-Jan-2010 [86] | Just to be picky: you can't actually infer from `actor: make native! [[end!]]` how much a scheme does |
| Janko 22-Jan-2010 [87] | rebol3 is not in a process of production but design + production so I would not be too restrictive on carl jumping from one thing to another. he is also only one, so he can't just do r3 for 2 years straight |
| BrianH 24-Jan-2010 [88x2] | Implemented the http://www.rebol.net/r3blogs/0300.htmlmodule EXPORT keyword. See http://curecode.org/rebol3/ticket.rsp?id=1446 |
Next up is http://www.rebol.net/r3blogs/0274.htmlcompressed modules/scripts. I have some interesting tricks to make them seamless to use and make, but I have to get a little sleep before I can really dig in to them. | |
| Graham 24-Jan-2010 [90] | Do we need SHA256 in checksum ? |
| BrianH 24-Jan-2010 [91] | Not a bad idea - what uses it? |
| Graham 24-Jan-2010 [92] | Amazon |
| BrianH 24-Jan-2010 [93] | Interesting, how do they use it? |
| Graham 24-Jan-2010 [94] | for signing requests |
| BrianH 24-Jan-2010 [95] | Sounds good. Request it in CureCode. |
| Graham 24-Jan-2010 [96] | Eg. Here I use SHA1 http://rebol.wik.is/S3 but I guess they might want to only allow SHA256 in the future |
| BrianH 24-Jan-2010 [97] | SHA1 has been having problems lately, iirc (which I likely don't). |
| Graham 24-Jan-2010 [98x2] | Do we have an url-encode function? |
This doesn't look good ... http://www.curecode.org/rebol3/index.rsp new issues are being created, but there's a sharp decline in closed issues | |
| BrianH 24-Jan-2010 [100x2] | We were focusing on other things for a while. We're bug fixing now though. |
I'm concerned about the accumulating syntax errors - not new, newly reported. At some point soon we'll have to fix the scanner. | |
| Graham 24-Jan-2010 [102] | Is there a way to specifiy that you want a timestamp vs date ? |
| BrianH 24-Jan-2010 [103x2] | From what? The NOW function, or date! values? |
Also, by timestamp do you mean time! values? Cause they aren't timestamps. | |
| Graham 24-Jan-2010 [105x2] | the former |
now => timestamp now/date => date | |
| BrianH 24-Jan-2010 [107] | NOW/time returns the time. It's not a timestamp though. |
| older newer | first last |