• Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

AltME groups: search

Help · search scripts · search articles · search mailing list

results summary

worldhits
r4wp26
r3wp441
total:467

results window for this page: [start: 1 end: 100]

world-name: r4wp

Group: #Red ... Red language group [web-public]
Kaj:
12-Jul-2012
That should work, and be more secure
Pekr:
25-Jul-2012
old version, not secure, etc. R3 in the browser would be cool. But 
future of plugins is questionable in general imo. Adobe stops support 
for Flash for mobile devices, no new versions. Silverlight is on 
hold mostly too. Everybody turns to HTML5 ...
Pekr:
23-Aug-2012
It is probably not related, but you might try with secure none, but 
I does not seem to be problem of REBOL's security or licence missing 
...
Rebolek:
23-Aug-2012
secure none doesn't help.
MagnussonC:
23-Aug-2012
Maybe it is F-secure that stops the DLL ... not sure it I can stop 
it at work.
MagnussonC:
23-Aug-2012
I think I stopped F-secure, but still no output :(
GrahamC:
15-Sep-2012
I'd like to see SIP and secure SIP eventually, and the ability to 
use video streaming :)
Kaj:
26-Sep-2012
CGI is based on the same principle. It's supposed to be a gateway 
from a Unix web server to a Unix file system, so you can secure it 
with operating system tools
BrianH:
23-Nov-2012
(Sorry Doc about the off-topic stuff) And open-source forks that 
try to alter R3 to make ALIAS possible again will thus be that much 
less stable ond secure, so it will be an argument against their use. 
ALIAS is hostile to the R3 system model, and everything it might 
be a good idea to use ALIAS to do in R2 can be better done with other 
methods in R3.
Kaj:
3-Jan-2013
If you think about what you'd have to do to secure a server from 
memory overload, it would be reasonable to limit acceptable words 
to a certain dictionary, but it wouldn't be reasonable to limit issue! 
to a small range
DocKimbel:
3-Jan-2013
Kaj: I share your security concerns about an appserver, but I don't 
think that other words datatypes can really be more secure. As long 
as you can force the LOADing of arbitrary input strings (without 
even evaluating the code), you could use it to make the symbol table 
blow up the memory.
Arnold:
22-Jun-2013
Including a /secure that is, there are even other RNG's out there 
suitable for this purpose waiting for their transcoding to Red/System.
Group: Announce ... Announcements only - use Ann-reply to chat [web-public]
Kaj:
17-Jan-2013
RANDOM has /seed. It only works on integers so far. As a bonus, random/seed/secure 
seeds the pseudo-random number generator with a clock value, so the 
start of the sequence is really random
Group: Rebol School ... REBOL School [web-public]
caelum:
16-Apr-2012
AES 256 is more than sufficient for most purposes. I am researching 
what Rebol can do so I am aware of the parameters I am working within. 
I am writing code that will be used to encrypt communication between 
clients who want a secure communication facility.


I am looking at the Rebol RSA algorithms now. Thanks for your input.
JohnM:
14-May-2012
I hope it is not rude to leave a question here as opposed to be here 
for the disucssion live, ala IRC. Please forgive me if so, and if 
so I will ask again when others are present. I will break down my 
script into smaller part questions as time goes on. First thing, 
I am under the impression that if I can generate a random number 
between 1 and 1 billion and assign this result to an aribtray variable 
word like so

token: random/secure 1000000000


I want to email my newly generated random number to someone. So I 
thought of this:

send [person-:-example-:-com] "Thank you. Your number is token."


One second later I realized that will just the send the actial word 
token, not the number the variabkle word token represents.

Is the above a correct way to generate a random number?


How do I insert that random number into the body of the text of an 
email to send someone? (send [person-:-example-:-com] "Thank you. Your 
number is [token]" maybe?)


 Thanks for your help in advance, apologies for any breach of rules 
 or etiquette. 
etiquetteetiquette
GrahamC:
14-May-2012
You need to seed the random generator first eg. with the datestamp 
or something, and then generate your random number.  But a better 
way is to create a UUID if you want something guaranteed to be unique.

The library has code for windows http://www.rebol.org/view-script.r?script=guid.r

Just using random, something like this should work

random/seed form now/precise


send [person-:-example-:-com] rejoin [ "Thank you. Your number is " random/secure 
1000000  "." ]
GrahamC:
20-May-2012
@JohnM

You have to do it like this

random/seed now/precise
token: random/secure 1000000

and not like this

token: random/seed now/precise
Ladislav:
20-May-2012
You have to do it like this

random/seed now/precise
token: random/secure 
1000000


- mathematically, the above code does not differ from token: now/precise
Ladislav:
20-May-2012
(it is neither more "random" nor more "secure")
Kaj:
23-Sep-2012
AltME is secure for partly different reasons. We are told it employs 
encryption over the network, but we can't check that, because it's 
closed source
Kaj:
23-Sep-2012
It's also more secure because you run your own server, instead of 
handing your data to a provider. That's fundamental, as long as you 
keep the data safe on all AltME clients. Which is hard, because it's 
not encrypted on disk
james_nak:
4-Oct-2012
I have a script that runs another script (via do) but when I launch 
it from an icon or through startup, the other script asks for permission 
to open a port. I've tried looking for some properties to change 
in the icon and setting secure to allow (which brings up its own 
requester). How do I do this?
sqlab:
4-Oct-2012
see usage in the command level

rebol.exe --secure allow in the link string should work wit most 
versions
i
Maxim:
1-Feb-2013
the most secure method is to SAVE/ALL AND CONSTRUCT.


also, btw, using MOLD/ALL can save a lot of ram because things like 
hash! and objects! do not get double allocated.  on big datasets 
like I'm  using it means saving 100MB RAM on app startup . :-)


just be carefull with save/all & mold/all   they can corrupt some 
data types just like when /ALL  isn't used.  it does allow much more, 
but it still can create some un-reloadable issues... always test 
it with your current data structures before blindly adopting it.
caelum:
23-Feb-2013
So I have a question about RSA encryption. When I run the following 
code:

  rsa-key: rsa-make-key
  rsa-generate-key rsa-key 1024 3

  crypt-key: copy/part checksum/secure mold now/precise 16
  print crypt-key

  crypt-key: rsa-encrypt rsa-key crypt-key
  print crypt-key

  crypt-key: rsa-encrypt/private/decrypt rsa-key crypt-key
  print crypt-key


it runs perfectly, encrypts the crypt-key and then decrypts it sucessfully.


As you probably know, the purpose of the RSA algorithm is to allow 
someone else to encrypt data that only you can decrypt using your 
private key. I tried this with a different public key using the following 
code:

  rsa-key1: rsa-make-key
  rsa-generate-key rsa-key1 1024 3

  rsa-key2: rsa-make-key
  rsa-key2/n: rsa-key1/n

  crypt-key: copy/part checksum/secure mold now/precise 16
  print crypt-key

  crypt-key: rsa-encrypt rsa-key2 crypt-key
  print crypt-key

  crypt-key: rsa-encrypt/private/decrypt rsa-key2 crypt-key
  print crypt-key


So I put the public key from rsa-key1 into another object, rsa-key2 
and tried using it to encrypt the data and get the following error.

	#{DD44AC1810E9A7020FAD72A7CFA54100}
	Segmentation fault


How do I get the public key from the first object into the second 
object so that it can be used to encrypt data?
Cyphre:
23-Feb-2013
;key1 - contains public and private keys
rsa-key1: rsa-make-key
rsa-generate-key rsa-key1 1024 3

;key2 - contains only public key
rsa-key2: rsa-make-key
rsa-key2/e: 3
rsa-key2/n: rsa-key1/n

;data to ecrypt encrypt 
data: copy/part checksum/secure mold now/precise 16

;encrypt data using the key2 (with pub key only)
crypt-key: rsa-encrypt rsa-key2 data


;decrypt data(that have been encrypted using key2) using the key1(needs 
to contain private key)
data2: rsa-encrypt/private/decrypt rsa-key1 crypt-key

either equal? data data2 [
	print "decrypted data match the original - decription passed"
][

 print "decrypted data differs from the original - decryption failed"
]

world-name: r3wp

Group: !AltME ... Discussion about AltME [web-public]
Sunanda:
4-Jan-2005
That's one layer of security Reichart.

But (given that failed for whatever reason -- human laziness in doing 
backups;  tsunami; all kit stolen in break-in; whatever), what's 
the *next* layer?

Secure systems need more than one layer -- as we've discovered with 
REBOL-->REBOL2-->REBOL3.

*All* the data still existed, distributed amond the many users. But 
we threw it away and started a new world.

It's not a a good case study to write up for prospective Altme users.
Group: RAMBO ... The REBOL bug and enhancement database [web-public]
DideC:
16-May-2005
With 1.2.107 (and may be others), when I launch a script from the 
desktop (clicking its icon) the new interpreter open a security request 
to read %rebol.r in the directory where the interpreter is (ie: %/c/rebol/view/).
Something wrong with 'secure setting ?
Vincent:
7-Jun-2005
Will 'create-link be included in final 1.3? If yes, there's a number 
of issues:

- create-link %/c/foo.txt "d:\bar.lnk" will create a link to "current-path\c\foo.txt"
- create-link %/c/foo.txt %/d/bar.lnk don't work
and the big security hole:
    secure [file ask]

    create-link %anything.dat "c:\my-file-to-overwrite.exe" ; bypass 
    sandbox
RAMBO?
Ladislav:
27-Jun-2005
my secure query looks as follows: [net allow library ask shell ask 
file ask %/c/program files/rebol/view [allow read ask write

 ask execute] %/c/documents and settings/ladislav/data aplikací/rebol 
 allow %/c/program%
20files/rebol/view allow]

Is that intended?
Gabriele:
27-Jun-2005
lad: is that from the console? try secure quero from a launcyhed 
script (i.e. a script launched by the desktop)
Group: Core ... Discuss core issues [web-public]
Micha:
8-Mar-2005
rebol []
  
     secure [   net allow  file allow  ]
Gabriele:
12-Mar-2005
>> s
== "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"
>> pool: "" insert/dup pool s 12
== ""
>> random/seed now
>> copy/part random/secure pool 12
== "GQOTTWDZZXNL"
>> copy/part random/secure pool 12
== "JOFF6QY4T2H8"
>> copy/part random/secure pool 12
== "8RJ2MFTQ0IJQ"
>> copy/part random/secure pool 12
== "ZKCS1DX7UTHL"
>> copy/part random/secure pool 12
== "DY3VJH4UTNFF"
>> copy/part random/secure pool 12
== "KWPNQRIJ40KN"
Gabriele:
12-Mar-2005
generate-messageid: does [

    rejoin ["<" enbase checksum/secure random/secure mold system/error 
    "@" server-name ">"]
]
Graham:
12-Mar-2005
generate-messageid: func [eml [string!] [

    rejoin ["<" enbase checksum/secure random/secure eml "@" server-name 
    ">"]
]
Group: Script Library ... REBOL.org: Script library and Mailing list archive [web-public]
Sunanda:
13-Apr-2006
Graham -- nice idea, but I can see two problems:

[1] [web-public] is not a fine enough flag to control whether a whole 
group should be published publicly.

web-public needs a start date [or ranges of dates] to indicate which 
messages were posted while the group was not private.

Without that, we'd be republishing messages from a "secure and private 
world" (Altme's own description) without explicit permission from 
all the contributers.
Group: Parse ... Discussion of PARSE dialect [web-public]
Tomc:
20-Mar-2005
you can write a well considered script without taint that is far 
more secure than a script that passes taint mode by making a simple 
rule that does not properly catch  problems
Group: MySQL ... [web-public]
Pekr:
9-Jan-2006
I would at least like to know, if checksum/secure uses typical SHa1 
method?
Anton:
9-Jan-2006
Goodness me, Petr, the checksum/secure question can be sooo easily 
answered. So easily, that I think an experienced reboler such as 
yourself in posing this question must be implying something else.
Anton:
9-Jan-2006
Ah right:
checksum/secure checksum/secure "mypass"
== #{6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4}
Pekr:
9-Jan-2006
nice - checksum/secure "mypass" = checsum/method "mypass" 'sha1
Volker:
9-Jan-2006
Caps=LONG_FLAG | CONNECT_WITH_DB | COMPRESS | TRANSACTIONS | PROTOCOL_41 
| SECURE_CONNECTION
Volker:
9-Jan-2006
I think so. I guess they used no sha1 and rebol had nothing inbuild. 
now checksum/secure matches perfect.
Pekr:
9-Jan-2006
do you think Doc's hash-v10 and crypt-v10 are equivalent to chekcsum/secure 
sha1?
Pekr:
9-Jan-2006
imo Doc found some C code and translated it to rebol back then, when 
checksum/secure was not available? dunno ....
Pekr:
9-Jan-2006
if you look into scrambel(), they use sha1_reset, input, result function 
calls, which is imo equivalent of rebol using ports - opening, inserting, 
copying the result ... all this is also equivalent to checksum/secure 
"my-string" .... but, in one place, they call sha1_input two times, 
and I dunno what it does mean ...
Pekr:
9-Jan-2006
we also found out, that new shceme uses sha1 .... which is ok with 
checksum/secure ...
Pekr:
9-Jan-2006
however:


if you look into scramble(), they use sha1_reset, input, result function 
calls, which is imo equivalent of rebol using ports - opening, inserting, 
copying the result ... all this is also equivalent to checksum/secure 
"my-string" .... but, in one place, they call sha1_input two times, 
and I dunno what it does mean ...
Pekr:
9-Jan-2006
rebol now has checksum/secure ....
Pekr:
9-Jan-2006
>> help checksum
USAGE:

    CHECKSUM data /tcp /secure /hash size /method word /key key-value

DESCRIPTION:
     Returns a CRC or other type of checksum.
     CHECKSUM is a native value.

ARGUMENTS:
     data -- Data to checksum (Type: any-string)

REFINEMENTS:
     /tcp -- Returns an Internet TCP 16-bit checksum.
     /secure -- Returns a cryptographically secure checksum.
     /hash -- Returns a hash value
         size -- Size of the hash table (Type: integer)
     /method -- Method to use
         word -- Method: SHA1 MD5 (Type: word)
     /key -- Returns keyed HMAC value
         key-value -- Key to use (Type: any-string)
Pekr:
9-Jan-2006
so basically checksum/secure checksum/secure "mypass" gives exactly 
the same result as in mysql doc page posted above.....
Volker:
9-Jan-2006
if you do two such inputs, it should be like 
 checksum/secure join part1 part2
Pekr:
9-Jan-2006
scramble-long: func [pass port][
     hash-stage1: checksum/secure pass
     hash-stage2: checksum/secure hash-stage1

     to-string xor hash-stage1 (checksum/secure port/locals/long-seed 
     hash-stage2)  ;.--- what to do here?
]
Volker:
9-Jan-2006
Is the above your code?
  (checksum/secure port/locals/long-seed hash-stage2) 
->
  (  (checksum/secure port/locals/long-seed)  (hash-stage2) )
did you forget a join or something?
Pekr:
9-Jan-2006
scramble-long: func [pass port][
     hash-stage1: checksum/secure pass
     hash-stage2: checksum/secure hash-stage1

     to-string xor hash-stage1 (checksum/secure join port/locals/long-seed 
     hash-stage2)
]
Pekr:
9-Jan-2006
without your hint to protocol internals, plust the 2x checksum/secure 
being identical to mysql docs, nothing like that would be possible 
on my side ....
Dockimbel:
9-Jan-2006
You're using checksum/secure and not checksum/method key 'sha1 ??
Pekr:
9-Jan-2006
no, as I found checksum/secure = cheksum/method "string" 'sha1
Pekr:
9-Jan-2006
imo Carl just decided to call it /secure and that 'sha1 was added 
later, dunno ...
Pekr:
9-Jan-2006
Doc, are you sure your 'docode table is ok? I mean defs/client ....

client [
			long-password		1		; new more secure passwords
			found-rows			2		; Found instead of affected rows
			long-flag			4		; Get all column flags
			connect-with-db		8		; One can specify db on connect
			no-schema			16		; Don't allow db.table.column
			compress			32		; Can use compression protcol
			odbc				64		; Odbc client
			local-files			128		; Can use LOAD DATA LOCAL
			ignore-space		256		; Ignore spaces before '('
			change-user			512		; Support the mysql_change_user()
			interactive			1024	; This is an interactive client
			ssl					2048	; Switch to SSL after handshake
			ignore-sigpipe		4096	; IGNORE sigpipes
			transactions		8196	; Client knows about transactions
		]

While in protocol description, there is:

MySQL uses the following codes:
Capability name	Value	Meaning
LONG_PASSWORD	1	New more secure passwords
FOUND_ROWS	2	Found instead of affected rows
LONG_FLAG	4	Get all column flags
CONNECT_WITH_DB	8	One can specify db on connect
NO_SCHEMA	16	Don't allow database.table.column
COMPRESS	32	Can use compression protocol
ODBC	64	ODBC client
LOCAL_FILES	128	Can use LOAD DATA LOCAL
IGNORE_SPACE	256	Ignore spaces before '('
PROTOCOL_41	512	Support the 4.1 protocol
INTERACTIVE	1024	This is an interactive client
SSL	2048	Switch to SSL after handshake
IGNORE_SIGPIPE	4096	IGNORE sigpipes
TRANSACTIONS	8192	Client knows about transactions
SECURE_CONNECTION	32768	New 4.1 authentication
MULTI_STATEMENTS	65536	Multi-statement support
MULTI_RESULTS	131072	Multi-results
Pekr:
9-Jan-2006
ah, extended the table and it shows:

----- Server ------
Version: 5.0.18-nt
Protocol version: 10
Thread ID: 36
Crypt Seed: iR=xh!fb
Capabilities: [
    long-flag
    connect-with-db
    compress
    protocol-41
    transactions
    secure-connection
]
Pekr:
9-Jan-2006
newer version uploaded - now you can see there is protocol-41 flag, 
as well as secure-connection, according to which you can decide new 
auth. method was used imo ...
Pekr:
10-Jan-2006
or do you think that checksum/secure could be used even for older 
mysql versions? I wonder if their scheme used sha1 in old days?
Group: Linux ... [web-public] group for linux REBOL users
François:
10-Jul-2005
I found a critical bug: when rebol is configured to work as cgi engine 
with SELinux (Security Enhanced Linux), it generates a Segmentation 
Fault. I uses Fedora Core 3 with SELinux to secure the httpd daemon. 
For now, if you want to use rebol as a cgi engine, you must disable 
SELinux. See RAMBO Ticket #-376
Volker:
1-Aug-2006
secure[path-to-directory allow]
Pekr:
1-Aug-2006
it does not respect log?: false, so what to do about it .... I can't 
expect ppl using it for cgi as having other permissins than usual. 
And if it can't be fixed by setting variable, or by some secure [%sqlite.log 
allow] or something like that code, then it is not suitable for cgi
btiffin:
13-Apr-2007
The standard is to run a secure(r) webserver as user  nobody
Group: CGI ... web server issues [web-public]
François:
10-Jul-2005
I found a critical bug: when rebol is configured to work as cgi engine 
with SELinux (Security Enhanced Linux), it generates a Segmentation 
Fault. I uses Fedora Core 3 with SELinux to secure the httpd daemon. 
For now, if you want to use rebol as a cgi engine, you must disable 
SELinux. See RAMBO Ticket #-376
Pekr:
5-Dec-2005
2) how secure is following? 

str: copy ""
result: decode-cgi read-cgi

foreach [word valu] result [append str join "" [word ":    " value 
newline]


I mean - above block in 'join statement is reduced - is it secure?
Volker:
5-Dec-2005
1) should be secure. decode-cgi should put only strings in the data, 
nothing executable. (i use a lot "should" when it comes to security 
and i did not double-check).
But why do you do that? simply 
 mold decode-cgi
should give the same.
Volker:
1-Mar-2006
#!/rebol -sc 

of course. the -s swiches sandbox of. i then usually do a secure 
to my own folder first in the cgi.
Anton:
21-Aug-2006
I haven't set up Rebol with IIS myself, but my immediate reaction 
is to ask another question: "How much do you believe Microsoft?" 
Of course Microsoft will lead those who are a little unsure to believe 
that alternate software is less secure.
Volker:
21-Aug-2006
size-text: xwindows is client/server. the x-server , that is your 
local computer, which offers to aplications to display things to 
you. And it has some important informations locally, especially the 
fonts (and can cache images and such).

/view needs access to the fonts and so access to a running x-server. 
the x-libs are only an interface to connect to the server. (The xserver-libs 
could be used directly, but well, /view does not do that. Seems to 
be tricky.)
A incomplete sketch how to do it, with no attention to security:

So with /view you need a running x-server, one way to do that  headless 
is vnc.  Can also run on another machine. 

Then you need to tell  rebol where it is, there is an env-var $DISPLAY. 
Which must be set before rebol runs. Did not figure out how to configure 
that. Running a bash-script as cgi, set  $DISPLAY, call the real 
rebol-script should work. And there may be issues with authentification, 
x-windows does not like everyone to connect by default, or the other 
way around, its too easy to make it too open ("xhost + ip"). There 
are more secure ways, but looked more complicated and i never tried. 
All in all i would run such things on windows.
Ashley:
27-Sep-2006
I'm using FormMail.pl to handle some simple contact details collection, 
but seems it is not highly regarded in the Perl community due to 
it's vulnerability to SPAM and bots. nms seems to offer a more secure 
version, http://nms-cgi.sourceforge.net/faq_nms.html, but I haven't 
done anything with Perl for years now. Anyone have a suggestion for 
a good FormMail.pl replacement, are are rumors of it's death greatly 
exaggerated?
Gabriele:
28-Sep-2006
afaik, the latest formmail.pl is "secure enough" (esp. if you configure 
it properly). it's not the best system out there, and being very 
popular it is also a popular target, but if you don't have time to 
replace it but can keep it up to date you should be fine.
james_nak:
22-Jan-2007
Does anyone have a nice "easy to use" sessions code like php so I 
can "secure" pages like the rebol blogger editing?
Pekr:
8-Apr-2009
One of my clients updates his site via some tool, which always seem 
to add some space between the lines. After some time, the page is 
instead of 400 rows something like 13K rows - the size goes from 
cca 25KB to 100KB. So I wrote a cgi script, which reads index.html 
and removes blank lines. Everything is OK, when I run the script 
from the console. But when I run it via a browser as a CGI script 
call, it can't write the file. Dunno why - cgi-script is being run 
using -cs switch, I even put secure none in there, cgi-script has 
the same own, grp set as index.html, but I can't write it ....
Pekr:
8-Apr-2009
no, I can try once I get at home ... that might be more secure solution, 
thanks ...
Group: SDK ... [web-public]
Gabriele:
5-Dec-2005
Petr: one thing is official SDK releases, which need to be stable 
and secure (Rebcode is not secure yet); another thing is beta/alpha 
releases for developers brave enough to play with features like Rebcode. 
I guess the latter can be done as often as View betas. we should 
probably talk to Carl about this.
Volker:
5-Dec-2005
would be at least more secure then switching to c instead.
Group: Windows/COM Support ... [web-public]
Pekr:
28-Jun-2006
just ask DocKimbel to release his xy years old version. He did not 
do that, because RT asked him not to do so. IMO fastcgi is not feature 
which would ruin RT sales. Except secure mode there is very little 
value in the rest of Command - outdated ...
Group: Tech News ... Interesting technology [web-public]
Terry:
14-Jan-2006
A recent CDC study shows that less than a third of U.S. hospitals 
use electronic medical records, a situation that had dangerous repercussions 
in the chaos following Hurricane Katrina. It won't be easy--or cheap--to 
establish a secure, nationwide network that puts test results and 
prescriptions online, and allows national disease trends to be tracked. 
President Bush has proposed a $125 million budget for 2006 to develop 
EMR programs.
Terry:
4-Mar-2006
  MySQL 5.0 Adds Features for Enterprise Developers and DBAs
by Ken 
  North

Baseball legend Satchel Paige is famous for having said 

Don't look back, something might be gaining on you." Companies selling 
a commercial SQL database management system (DBMS) know its MySQL 
that's gaining on them. With an already large installed base, MySQL 
is set to attract new users because of the feature set of version 
5.0. It includes capabilities for which developers have often turned 
to commercial SQL products.


The purposes for which we use personal, mobile, workgroup, departmental, 
enterprise and web databases are diverse. Application requirements 
are a primary determinant of the capacity and features we need from 
an SQL DBMS. For example, a high-volume transaction processing web 
site places greater demands on a database than a contact list manager 
for laptops and small business servers.


A Web Techniques magazine article, "Web Databases: Fun with Guests 
or Risky Business?" discussed features that characterize an industrial-grade 
SQL DBMS. It explained SQL security and mission-critical databases, 
defined as


    "A database is mission critical if its lack of data integrity has 
    serious consequences, such as causing the loss of customers or even 
    lives."


Maintaining data integrity is implicit -- that's a prime directive 
for a DBMS. The article explained other features that enterprise 
developers look for in an SQL platform:


    ... mission-critical applications require features such as intrinsic 
    security, transaction journaling, concurrency controls and the ability 
    to enforce data integrity constraints. Without those features, you 
    do not have secure, robust databases. Connecting a database to a 
    Web server adds other requirements, such as a multithreaded architecture 
    and the ability to do database backups without taking the server 
    down.


    Freeware and PC DBMSs are suitable for certain classes of applications, 
    but not for high-volume Web sites and mission-critical databases. 
    In any case, don't bet your business, or lives, on such software 
    unless you have the source code and the expertise to understand and 
    repair it.


Since that article appeared in print, improvements to MySQL have 
removed the "not ready for prime time" label. Features described 
in that article are now available to MySQL users:

    * transactions
    * concurrency control, locking, SQL standard isolation levels
    * intrinsic security
    * integrity constraints
    * thread-based memory allocation.

  TII Computer Deals at Dell Home Systems 180x150
	


MySQL uses separate threads to handle TCP/IP and named pipes connections, 
authentication, signaling, alarms and replication. The combination 
of threaded architecture and MySQL clustering provides powerful parallel 
processing capabilities. MySQL can process transactions in parallel 
with separate connections on separate processors using separate threads.
MySQL Milestones


A decade of development has moved MySQL out of the bare-bones DBMS 
category, enlarged its user base, and turned MySQL AB into a profitable 
company. One of the important milestones was integration of the InnoDB 
engine with MySQL 4.0. That upgrade gave MySQL multiple tablespaces, 
tables greater than 4GB and support for transaction processing. Other 
enhancements included OpenGIS spatial data types and hot backups. 
The latter enables a DBA to perform a backup without taking the DBMS 
offline. Hot backup software is available as a commercial add-on 
for databases using the InnoDB storage engine. 


MySQL 5.0, the newest version, is a major milestone. There have been 
enhancements to the tool sets, storage engines, types and metadata. 
 MySQL 5.0 includes features enterprise developers have come to expect 
from commercial SQL products. 

    * capacity for very large databases
    * stored procedures
    * triggers
    * named-updateable views
    * server-side cursors
    * type enhancements
    * standards-compliant metadata (INFORMATION_SCHEMA)
    * XA-style distributed transactions
    * hot backups.


MySQL has a demonstrated capacity for managing very large databases. 
Mytrix, Inc. maintains an extensive collection of Internet statistics 
in a one terabyte (1 TB) data warehouse that contains 20 billion 
rows of data. Sabre Holdings runs the oldest and largest online travel 
reservation system. It replicates 10-60 gigabytes per day from its 
master database to a MySQL server farm. The MySQL databases are used 
to support a shopping application that can accommodate a million 
fare changes per day."
Pekr:
6-Mar-2006
I wonder if unix is more secure or just it is less exposed to hackers 
:-)
Pekr:
6-Mar-2006
nice ... isn't openbsd or netbsd regarded being one of the most secure 
systems?
Ashley:
6-Mar-2006
isn't openbsd or netbsd regarded being one of the most secure systems?
 ... I thought MVS (IBM Mainframe OS) has that honour?
Group: SQLite ... C library embeddable DB [web-public].
Ashley:
7-Apr-2006
If it's only TEXT types you need to encrypt then we could always 
add a /secure refinement to CONNECT that would force encrypt / decrypt 
on all TEXT bind variables. Performance wouldn't be too bad as values 
would only be encrypted [once] on INSERT and SELECT, the actual query 
(which could potentially hit millions of rows) would be comparing 
encrypted strings and would only need to decrypt strings that form 
part of the result set. Very similiar to the overhead that MOLD/LOAD 
currently incur when not using the /direct refinement.
Group: Plugin-2 ... Browser Plugins [web-public]
Henrik:
3-May-2006
but at some point it'll be essential to run encapsulated scripts 
and use secure connections
Henrik:
3-May-2006
Carl, one thing I thought about is how do you convince a user that 
the security in the plugin going through the webbrowser is trustworthy 
when the SSL icon in the browser window is not on? they might think 
that nasty stuff could be going on in the background. I think there 
needs to be some kind of indication that the script currently running 
is really secure.
Henrik:
3-May-2006
pressing the "Read FTP" button in the test script gives me:


** User Error: Server error: tcp 421 Unable to set up secure anonymous 
FTP
** Near: view-text read ftp://ftp.rebol.com/test.txt
>>
BrianH:
4-May-2006
Security Issues:

- We should to be able to restrict with the secure native what files 
and dlls the plugin can access.

- The default security of the RT-provided plugin (not encapped by 
a third-party) should prohibit any access to any local files or libraries 
at all, even in the same directory as the script, and prohibit access 
to third-party network addresses as well. Or at least ask.

- There should be some way to access the site's cookies from the 
plugin, because there shouldn't be any other way to store local data 
on the client computer's hard drive. Anything short of that will 
be a security hole.

- There should be no way to reduce the default security of the plugin 
through the use of plugin params.

- Any attempt to reduce access should prompt the user for permission, 
in terms a non-technical user can understand. This means rewriting 
the security dialogs to be more user-friendly.

- Any relaxation of these default security restrictions should require 
encapping the script.

- A user (or their lawyer) should to be able to (perhaps through 
RT) track down the author of any encapped script.

- An encapped script should count as a seperate plugin as far as 
the user is concerned, at least as far as permission-to-install is 
concerned.


Basically, the default security of the plugin should not allow scripts 
to do anything you wouldn't want your worst enemy to do on your computer. 
People will try to use this plugin for advertisements, for webbugs, 
for spyware, for every nasty thing that you aren't evil enough to 
think of. Avoiding that kind of thing should be the focus of the 
default security settings. Anything less will make the plugin unsafe 
to install.
BrianH:
4-May-2006
Java applets and JavaScript scripts are usually only allowed to access 
their own server over the network. I think you can make that same 
restriction to REBOL using the secure native.
BrianH:
7-May-2006
With Java, the applet is only allowed to communicate with the server 
that served up the applet. We could make that same restriction by 
default in the REBOL plugin with SECURE, and then relax the restrictions 
at runtime with SECURE again. Of course, that will cause the security 
requester to pop up and the user would then know what they should 
know and agree to anyways before such behavior is allowed at all.
Volker:
15-May-2006
Extra Security, some thoughts:
- 'secure for ips, eg: secure [net ask tcp://rebol.com allow]
- don't share sandbox-folders between hosts.
- if possible memory-restriction, hd, cpu?
- clipboard-restriction somehow?

- check for memory-access, specially disable struct! . IMO real hackers 
will figure out how to inject code by poke. 

- reblets can store executable code by naming the file *.exe. Does 
not run immediate, but script can open folder in explorer by browse, 
and one wrong click runs it. (or is windows smarter now? Maybe you 
could add an own extension always, and maybe store everything as 
64#{} ?

- Make sure untrusted reblets don't run invisible, can snoop clipboard, 
or at least users online-times. I guess creatives can find other 
uses.

- Maybe some kind of log about starts/stops, with urls? To have a 
little chance of tracking. Some kind of global console.
- Running out of thoughts for now.
Pekr:
15-May-2006
What Volker suggests might work, but then rebol's secure dialect 
should be extended ....
Allen:
15-May-2006
Volker. Jaime.  Clipboard access should probably raise a security 
request, like it does in (secured) browsers.   Maybe it should also 
be part of 'secure  ...
Volker:
16-May-2006
That mini-firewall is in my secure-proposal:  secure [net ask tcp://rebol.com 
allow].

Although securing ports would be nice too, secure [net ask tcp://rebol.com 
80 8080 - 9090 allow].
Volker:
16-May-2006
I want both. Settings are in %user.r, by secure. And %user.r is modified 
by the panel. As it is currently with 'set-net and /desktop.
Pekr:
16-May-2006
but system dialogs are half-way solutions - 1) they can't be translated 
2) they are ugly and do not copy design principles of your apps .... 
stating that - is there a secure way of how to overcome this? Could 
you provide your own UI and supply it for the internal security system? 
Probably not, as I could ask user completly different question :-(
Group: !Cheyenne ... Discussions about the Cheyenne Web Server [web-public]
Graham:
22-Feb-2007
I want to set up a cheyenne web server that is secure.. ie. protected 
by ssl.
1 / 467[1] 2345