AltME groups: search
Help · search scripts · search articles · search mailing listresults summary
world | hits |
r4wp | 26 |
r3wp | 441 |
total: | 467 |
results window for this page: [start: 1 end: 100]
world-name: r4wp
Group: #Red ... Red language group [web-public] | ||
Kaj: 12-Jul-2012 | That should work, and be more secure | |
Pekr: 25-Jul-2012 | old version, not secure, etc. R3 in the browser would be cool. But future of plugins is questionable in general imo. Adobe stops support for Flash for mobile devices, no new versions. Silverlight is on hold mostly too. Everybody turns to HTML5 ... | |
Pekr: 23-Aug-2012 | It is probably not related, but you might try with secure none, but I does not seem to be problem of REBOL's security or licence missing ... | |
Rebolek: 23-Aug-2012 | secure none doesn't help. | |
MagnussonC: 23-Aug-2012 | Maybe it is F-secure that stops the DLL ... not sure it I can stop it at work. | |
MagnussonC: 23-Aug-2012 | I think I stopped F-secure, but still no output :( | |
GrahamC: 15-Sep-2012 | I'd like to see SIP and secure SIP eventually, and the ability to use video streaming :) | |
Kaj: 26-Sep-2012 | CGI is based on the same principle. It's supposed to be a gateway from a Unix web server to a Unix file system, so you can secure it with operating system tools | |
BrianH: 23-Nov-2012 | (Sorry Doc about the off-topic stuff) And open-source forks that try to alter R3 to make ALIAS possible again will thus be that much less stable ond secure, so it will be an argument against their use. ALIAS is hostile to the R3 system model, and everything it might be a good idea to use ALIAS to do in R2 can be better done with other methods in R3. | |
Kaj: 3-Jan-2013 | If you think about what you'd have to do to secure a server from memory overload, it would be reasonable to limit acceptable words to a certain dictionary, but it wouldn't be reasonable to limit issue! to a small range | |
DocKimbel: 3-Jan-2013 | Kaj: I share your security concerns about an appserver, but I don't think that other words datatypes can really be more secure. As long as you can force the LOADing of arbitrary input strings (without even evaluating the code), you could use it to make the symbol table blow up the memory. | |
Arnold: 22-Jun-2013 | Including a /secure that is, there are even other RNG's out there suitable for this purpose waiting for their transcoding to Red/System. | |
Group: Announce ... Announcements only - use Ann-reply to chat [web-public] | ||
Kaj: 17-Jan-2013 | RANDOM has /seed. It only works on integers so far. As a bonus, random/seed/secure seeds the pseudo-random number generator with a clock value, so the start of the sequence is really random | |
Group: Rebol School ... REBOL School [web-public] | ||
caelum: 16-Apr-2012 | AES 256 is more than sufficient for most purposes. I am researching what Rebol can do so I am aware of the parameters I am working within. I am writing code that will be used to encrypt communication between clients who want a secure communication facility. I am looking at the Rebol RSA algorithms now. Thanks for your input. | |
JohnM: 14-May-2012 | I hope it is not rude to leave a question here as opposed to be here for the disucssion live, ala IRC. Please forgive me if so, and if so I will ask again when others are present. I will break down my script into smaller part questions as time goes on. First thing, I am under the impression that if I can generate a random number between 1 and 1 billion and assign this result to an aribtray variable word like so token: random/secure 1000000000 I want to email my newly generated random number to someone. So I thought of this: send [person-:-example-:-com] "Thank you. Your number is token." One second later I realized that will just the send the actial word token, not the number the variabkle word token represents. Is the above a correct way to generate a random number? How do I insert that random number into the body of the text of an email to send someone? (send [person-:-example-:-com] "Thank you. Your number is [token]" maybe?) Thanks for your help in advance, apologies for any breach of rules or etiquette. etiquetteetiquette | |
GrahamC: 14-May-2012 | You need to seed the random generator first eg. with the datestamp or something, and then generate your random number. But a better way is to create a UUID if you want something guaranteed to be unique. The library has code for windows http://www.rebol.org/view-script.r?script=guid.r Just using random, something like this should work random/seed form now/precise send [person-:-example-:-com] rejoin [ "Thank you. Your number is " random/secure 1000000 "." ] | |
GrahamC: 20-May-2012 | @JohnM You have to do it like this random/seed now/precise token: random/secure 1000000 and not like this token: random/seed now/precise | |
Ladislav: 20-May-2012 | You have to do it like this random/seed now/precise token: random/secure 1000000 - mathematically, the above code does not differ from token: now/precise | |
Ladislav: 20-May-2012 | (it is neither more "random" nor more "secure") | |
Kaj: 23-Sep-2012 | AltME is secure for partly different reasons. We are told it employs encryption over the network, but we can't check that, because it's closed source | |
Kaj: 23-Sep-2012 | It's also more secure because you run your own server, instead of handing your data to a provider. That's fundamental, as long as you keep the data safe on all AltME clients. Which is hard, because it's not encrypted on disk | |
james_nak: 4-Oct-2012 | I have a script that runs another script (via do) but when I launch it from an icon or through startup, the other script asks for permission to open a port. I've tried looking for some properties to change in the icon and setting secure to allow (which brings up its own requester). How do I do this? | |
sqlab: 4-Oct-2012 | see usage in the command level rebol.exe --secure allow in the link string should work wit most versions i | |
Maxim: 1-Feb-2013 | the most secure method is to SAVE/ALL AND CONSTRUCT. also, btw, using MOLD/ALL can save a lot of ram because things like hash! and objects! do not get double allocated. on big datasets like I'm using it means saving 100MB RAM on app startup . :-) just be carefull with save/all & mold/all they can corrupt some data types just like when /ALL isn't used. it does allow much more, but it still can create some un-reloadable issues... always test it with your current data structures before blindly adopting it. | |
caelum: 23-Feb-2013 | So I have a question about RSA encryption. When I run the following code: rsa-key: rsa-make-key rsa-generate-key rsa-key 1024 3 crypt-key: copy/part checksum/secure mold now/precise 16 print crypt-key crypt-key: rsa-encrypt rsa-key crypt-key print crypt-key crypt-key: rsa-encrypt/private/decrypt rsa-key crypt-key print crypt-key it runs perfectly, encrypts the crypt-key and then decrypts it sucessfully. As you probably know, the purpose of the RSA algorithm is to allow someone else to encrypt data that only you can decrypt using your private key. I tried this with a different public key using the following code: rsa-key1: rsa-make-key rsa-generate-key rsa-key1 1024 3 rsa-key2: rsa-make-key rsa-key2/n: rsa-key1/n crypt-key: copy/part checksum/secure mold now/precise 16 print crypt-key crypt-key: rsa-encrypt rsa-key2 crypt-key print crypt-key crypt-key: rsa-encrypt/private/decrypt rsa-key2 crypt-key print crypt-key So I put the public key from rsa-key1 into another object, rsa-key2 and tried using it to encrypt the data and get the following error. #{DD44AC1810E9A7020FAD72A7CFA54100} Segmentation fault How do I get the public key from the first object into the second object so that it can be used to encrypt data? | |
Cyphre: 23-Feb-2013 | ;key1 - contains public and private keys rsa-key1: rsa-make-key rsa-generate-key rsa-key1 1024 3 ;key2 - contains only public key rsa-key2: rsa-make-key rsa-key2/e: 3 rsa-key2/n: rsa-key1/n ;data to ecrypt encrypt data: copy/part checksum/secure mold now/precise 16 ;encrypt data using the key2 (with pub key only) crypt-key: rsa-encrypt rsa-key2 data ;decrypt data(that have been encrypted using key2) using the key1(needs to contain private key) data2: rsa-encrypt/private/decrypt rsa-key1 crypt-key either equal? data data2 [ print "decrypted data match the original - decription passed" ][ print "decrypted data differs from the original - decryption failed" ] |
world-name: r3wp
Group: !AltME ... Discussion about AltME [web-public] | ||
Sunanda: 4-Jan-2005 | That's one layer of security Reichart. But (given that failed for whatever reason -- human laziness in doing backups; tsunami; all kit stolen in break-in; whatever), what's the *next* layer? Secure systems need more than one layer -- as we've discovered with REBOL-->REBOL2-->REBOL3. *All* the data still existed, distributed amond the many users. But we threw it away and started a new world. It's not a a good case study to write up for prospective Altme users. | |
Group: RAMBO ... The REBOL bug and enhancement database [web-public] | ||
DideC: 16-May-2005 | With 1.2.107 (and may be others), when I launch a script from the desktop (clicking its icon) the new interpreter open a security request to read %rebol.r in the directory where the interpreter is (ie: %/c/rebol/view/). Something wrong with 'secure setting ? | |
Vincent: 7-Jun-2005 | Will 'create-link be included in final 1.3? If yes, there's a number of issues: - create-link %/c/foo.txt "d:\bar.lnk" will create a link to "current-path\c\foo.txt" - create-link %/c/foo.txt %/d/bar.lnk don't work and the big security hole: secure [file ask] create-link %anything.dat "c:\my-file-to-overwrite.exe" ; bypass sandbox RAMBO? | |
Ladislav: 27-Jun-2005 | my secure query looks as follows: [net allow library ask shell ask file ask %/c/program files/rebol/view [allow read ask write ask execute] %/c/documents and settings/ladislav/data aplikací/rebol allow %/c/program% 20files/rebol/view allow] Is that intended? | |
Gabriele: 27-Jun-2005 | lad: is that from the console? try secure quero from a launcyhed script (i.e. a script launched by the desktop) | |
Group: Core ... Discuss core issues [web-public] | ||
Micha: 8-Mar-2005 | rebol [] secure [ net allow file allow ] | |
Gabriele: 12-Mar-2005 | >> s == "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ" >> pool: "" insert/dup pool s 12 == "" >> random/seed now >> copy/part random/secure pool 12 == "GQOTTWDZZXNL" >> copy/part random/secure pool 12 == "JOFF6QY4T2H8" >> copy/part random/secure pool 12 == "8RJ2MFTQ0IJQ" >> copy/part random/secure pool 12 == "ZKCS1DX7UTHL" >> copy/part random/secure pool 12 == "DY3VJH4UTNFF" >> copy/part random/secure pool 12 == "KWPNQRIJ40KN" | |
Gabriele: 12-Mar-2005 | generate-messageid: does [ rejoin ["<" enbase checksum/secure random/secure mold system/error "@" server-name ">"] ] | |
Graham: 12-Mar-2005 | generate-messageid: func [eml [string!] [ rejoin ["<" enbase checksum/secure random/secure eml "@" server-name ">"] ] | |
Group: Script Library ... REBOL.org: Script library and Mailing list archive [web-public] | ||
Sunanda: 13-Apr-2006 | Graham -- nice idea, but I can see two problems: [1] [web-public] is not a fine enough flag to control whether a whole group should be published publicly. web-public needs a start date [or ranges of dates] to indicate which messages were posted while the group was not private. Without that, we'd be republishing messages from a "secure and private world" (Altme's own description) without explicit permission from all the contributers. | |
Group: Parse ... Discussion of PARSE dialect [web-public] | ||
Tomc: 20-Mar-2005 | you can write a well considered script without taint that is far more secure than a script that passes taint mode by making a simple rule that does not properly catch problems | |
Group: MySQL ... [web-public] | ||
Pekr: 9-Jan-2006 | I would at least like to know, if checksum/secure uses typical SHa1 method? | |
Anton: 9-Jan-2006 | Goodness me, Petr, the checksum/secure question can be sooo easily answered. So easily, that I think an experienced reboler such as yourself in posing this question must be implying something else. | |
Anton: 9-Jan-2006 | Ah right: checksum/secure checksum/secure "mypass" == #{6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4} | |
Pekr: 9-Jan-2006 | nice - checksum/secure "mypass" = checsum/method "mypass" 'sha1 | |
Volker: 9-Jan-2006 | Caps=LONG_FLAG | CONNECT_WITH_DB | COMPRESS | TRANSACTIONS | PROTOCOL_41 | SECURE_CONNECTION | |
Volker: 9-Jan-2006 | I think so. I guess they used no sha1 and rebol had nothing inbuild. now checksum/secure matches perfect. | |
Pekr: 9-Jan-2006 | do you think Doc's hash-v10 and crypt-v10 are equivalent to chekcsum/secure sha1? | |
Pekr: 9-Jan-2006 | imo Doc found some C code and translated it to rebol back then, when checksum/secure was not available? dunno .... | |
Pekr: 9-Jan-2006 | if you look into scrambel(), they use sha1_reset, input, result function calls, which is imo equivalent of rebol using ports - opening, inserting, copying the result ... all this is also equivalent to checksum/secure "my-string" .... but, in one place, they call sha1_input two times, and I dunno what it does mean ... | |
Pekr: 9-Jan-2006 | we also found out, that new shceme uses sha1 .... which is ok with checksum/secure ... | |
Pekr: 9-Jan-2006 | however: if you look into scramble(), they use sha1_reset, input, result function calls, which is imo equivalent of rebol using ports - opening, inserting, copying the result ... all this is also equivalent to checksum/secure "my-string" .... but, in one place, they call sha1_input two times, and I dunno what it does mean ... | |
Pekr: 9-Jan-2006 | rebol now has checksum/secure .... | |
Pekr: 9-Jan-2006 | >> help checksum USAGE: CHECKSUM data /tcp /secure /hash size /method word /key key-value DESCRIPTION: Returns a CRC or other type of checksum. CHECKSUM is a native value. ARGUMENTS: data -- Data to checksum (Type: any-string) REFINEMENTS: /tcp -- Returns an Internet TCP 16-bit checksum. /secure -- Returns a cryptographically secure checksum. /hash -- Returns a hash value size -- Size of the hash table (Type: integer) /method -- Method to use word -- Method: SHA1 MD5 (Type: word) /key -- Returns keyed HMAC value key-value -- Key to use (Type: any-string) | |
Pekr: 9-Jan-2006 | so basically checksum/secure checksum/secure "mypass" gives exactly the same result as in mysql doc page posted above..... | |
Volker: 9-Jan-2006 | if you do two such inputs, it should be like checksum/secure join part1 part2 | |
Pekr: 9-Jan-2006 | scramble-long: func [pass port][ hash-stage1: checksum/secure pass hash-stage2: checksum/secure hash-stage1 to-string xor hash-stage1 (checksum/secure port/locals/long-seed hash-stage2) ;.--- what to do here? ] | |
Volker: 9-Jan-2006 | Is the above your code? (checksum/secure port/locals/long-seed hash-stage2) -> ( (checksum/secure port/locals/long-seed) (hash-stage2) ) did you forget a join or something? | |
Pekr: 9-Jan-2006 | scramble-long: func [pass port][ hash-stage1: checksum/secure pass hash-stage2: checksum/secure hash-stage1 to-string xor hash-stage1 (checksum/secure join port/locals/long-seed hash-stage2) ] | |
Pekr: 9-Jan-2006 | without your hint to protocol internals, plust the 2x checksum/secure being identical to mysql docs, nothing like that would be possible on my side .... | |
Dockimbel: 9-Jan-2006 | You're using checksum/secure and not checksum/method key 'sha1 ?? | |
Pekr: 9-Jan-2006 | no, as I found checksum/secure = cheksum/method "string" 'sha1 | |
Pekr: 9-Jan-2006 | imo Carl just decided to call it /secure and that 'sha1 was added later, dunno ... | |
Pekr: 9-Jan-2006 | Doc, are you sure your 'docode table is ok? I mean defs/client .... client [ long-password 1 ; new more secure passwords found-rows 2 ; Found instead of affected rows long-flag 4 ; Get all column flags connect-with-db 8 ; One can specify db on connect no-schema 16 ; Don't allow db.table.column compress 32 ; Can use compression protcol odbc 64 ; Odbc client local-files 128 ; Can use LOAD DATA LOCAL ignore-space 256 ; Ignore spaces before '(' change-user 512 ; Support the mysql_change_user() interactive 1024 ; This is an interactive client ssl 2048 ; Switch to SSL after handshake ignore-sigpipe 4096 ; IGNORE sigpipes transactions 8196 ; Client knows about transactions ] While in protocol description, there is: MySQL uses the following codes: Capability name Value Meaning LONG_PASSWORD 1 New more secure passwords FOUND_ROWS 2 Found instead of affected rows LONG_FLAG 4 Get all column flags CONNECT_WITH_DB 8 One can specify db on connect NO_SCHEMA 16 Don't allow database.table.column COMPRESS 32 Can use compression protocol ODBC 64 ODBC client LOCAL_FILES 128 Can use LOAD DATA LOCAL IGNORE_SPACE 256 Ignore spaces before '(' PROTOCOL_41 512 Support the 4.1 protocol INTERACTIVE 1024 This is an interactive client SSL 2048 Switch to SSL after handshake IGNORE_SIGPIPE 4096 IGNORE sigpipes TRANSACTIONS 8192 Client knows about transactions SECURE_CONNECTION 32768 New 4.1 authentication MULTI_STATEMENTS 65536 Multi-statement support MULTI_RESULTS 131072 Multi-results | |
Pekr: 9-Jan-2006 | ah, extended the table and it shows: ----- Server ------ Version: 5.0.18-nt Protocol version: 10 Thread ID: 36 Crypt Seed: iR=xh!fb Capabilities: [ long-flag connect-with-db compress protocol-41 transactions secure-connection ] | |
Pekr: 9-Jan-2006 | newer version uploaded - now you can see there is protocol-41 flag, as well as secure-connection, according to which you can decide new auth. method was used imo ... | |
Pekr: 10-Jan-2006 | or do you think that checksum/secure could be used even for older mysql versions? I wonder if their scheme used sha1 in old days? | |
Group: Linux ... [web-public] group for linux REBOL users | ||
François: 10-Jul-2005 | I found a critical bug: when rebol is configured to work as cgi engine with SELinux (Security Enhanced Linux), it generates a Segmentation Fault. I uses Fedora Core 3 with SELinux to secure the httpd daemon. For now, if you want to use rebol as a cgi engine, you must disable SELinux. See RAMBO Ticket #-376 | |
Volker: 1-Aug-2006 | secure[path-to-directory allow] | |
Pekr: 1-Aug-2006 | it does not respect log?: false, so what to do about it .... I can't expect ppl using it for cgi as having other permissins than usual. And if it can't be fixed by setting variable, or by some secure [%sqlite.log allow] or something like that code, then it is not suitable for cgi | |
btiffin: 13-Apr-2007 | The standard is to run a secure(r) webserver as user nobody | |
Group: CGI ... web server issues [web-public] | ||
François: 10-Jul-2005 | I found a critical bug: when rebol is configured to work as cgi engine with SELinux (Security Enhanced Linux), it generates a Segmentation Fault. I uses Fedora Core 3 with SELinux to secure the httpd daemon. For now, if you want to use rebol as a cgi engine, you must disable SELinux. See RAMBO Ticket #-376 | |
Pekr: 5-Dec-2005 | 2) how secure is following? str: copy "" result: decode-cgi read-cgi foreach [word valu] result [append str join "" [word ": " value newline] I mean - above block in 'join statement is reduced - is it secure? | |
Volker: 5-Dec-2005 | 1) should be secure. decode-cgi should put only strings in the data, nothing executable. (i use a lot "should" when it comes to security and i did not double-check). But why do you do that? simply mold decode-cgi should give the same. | |
Volker: 1-Mar-2006 | #!/rebol -sc of course. the -s swiches sandbox of. i then usually do a secure to my own folder first in the cgi. | |
Anton: 21-Aug-2006 | I haven't set up Rebol with IIS myself, but my immediate reaction is to ask another question: "How much do you believe Microsoft?" Of course Microsoft will lead those who are a little unsure to believe that alternate software is less secure. | |
Volker: 21-Aug-2006 | size-text: xwindows is client/server. the x-server , that is your local computer, which offers to aplications to display things to you. And it has some important informations locally, especially the fonts (and can cache images and such). /view needs access to the fonts and so access to a running x-server. the x-libs are only an interface to connect to the server. (The xserver-libs could be used directly, but well, /view does not do that. Seems to be tricky.) A incomplete sketch how to do it, with no attention to security: So with /view you need a running x-server, one way to do that headless is vnc. Can also run on another machine. Then you need to tell rebol where it is, there is an env-var $DISPLAY. Which must be set before rebol runs. Did not figure out how to configure that. Running a bash-script as cgi, set $DISPLAY, call the real rebol-script should work. And there may be issues with authentification, x-windows does not like everyone to connect by default, or the other way around, its too easy to make it too open ("xhost + ip"). There are more secure ways, but looked more complicated and i never tried. All in all i would run such things on windows. | |
Ashley: 27-Sep-2006 | I'm using FormMail.pl to handle some simple contact details collection, but seems it is not highly regarded in the Perl community due to it's vulnerability to SPAM and bots. nms seems to offer a more secure version, http://nms-cgi.sourceforge.net/faq_nms.html, but I haven't done anything with Perl for years now. Anyone have a suggestion for a good FormMail.pl replacement, are are rumors of it's death greatly exaggerated? | |
Gabriele: 28-Sep-2006 | afaik, the latest formmail.pl is "secure enough" (esp. if you configure it properly). it's not the best system out there, and being very popular it is also a popular target, but if you don't have time to replace it but can keep it up to date you should be fine. | |
james_nak: 22-Jan-2007 | Does anyone have a nice "easy to use" sessions code like php so I can "secure" pages like the rebol blogger editing? | |
Pekr: 8-Apr-2009 | One of my clients updates his site via some tool, which always seem to add some space between the lines. After some time, the page is instead of 400 rows something like 13K rows - the size goes from cca 25KB to 100KB. So I wrote a cgi script, which reads index.html and removes blank lines. Everything is OK, when I run the script from the console. But when I run it via a browser as a CGI script call, it can't write the file. Dunno why - cgi-script is being run using -cs switch, I even put secure none in there, cgi-script has the same own, grp set as index.html, but I can't write it .... | |
Pekr: 8-Apr-2009 | no, I can try once I get at home ... that might be more secure solution, thanks ... | |
Group: SDK ... [web-public] | ||
Gabriele: 5-Dec-2005 | Petr: one thing is official SDK releases, which need to be stable and secure (Rebcode is not secure yet); another thing is beta/alpha releases for developers brave enough to play with features like Rebcode. I guess the latter can be done as often as View betas. we should probably talk to Carl about this. | |
Volker: 5-Dec-2005 | would be at least more secure then switching to c instead. | |
Group: Windows/COM Support ... [web-public] | ||
Pekr: 28-Jun-2006 | just ask DocKimbel to release his xy years old version. He did not do that, because RT asked him not to do so. IMO fastcgi is not feature which would ruin RT sales. Except secure mode there is very little value in the rest of Command - outdated ... | |
Group: Tech News ... Interesting technology [web-public] | ||
Terry: 14-Jan-2006 | A recent CDC study shows that less than a third of U.S. hospitals use electronic medical records, a situation that had dangerous repercussions in the chaos following Hurricane Katrina. It won't be easy--or cheap--to establish a secure, nationwide network that puts test results and prescriptions online, and allows national disease trends to be tracked. President Bush has proposed a $125 million budget for 2006 to develop EMR programs. | |
Terry: 4-Mar-2006 | MySQL 5.0 Adds Features for Enterprise Developers and DBAs by Ken North Baseball legend Satchel Paige is famous for having said Don't look back, something might be gaining on you." Companies selling a commercial SQL database management system (DBMS) know its MySQL that's gaining on them. With an already large installed base, MySQL is set to attract new users because of the feature set of version 5.0. It includes capabilities for which developers have often turned to commercial SQL products. The purposes for which we use personal, mobile, workgroup, departmental, enterprise and web databases are diverse. Application requirements are a primary determinant of the capacity and features we need from an SQL DBMS. For example, a high-volume transaction processing web site places greater demands on a database than a contact list manager for laptops and small business servers. A Web Techniques magazine article, "Web Databases: Fun with Guests or Risky Business?" discussed features that characterize an industrial-grade SQL DBMS. It explained SQL security and mission-critical databases, defined as "A database is mission critical if its lack of data integrity has serious consequences, such as causing the loss of customers or even lives." Maintaining data integrity is implicit -- that's a prime directive for a DBMS. The article explained other features that enterprise developers look for in an SQL platform: ... mission-critical applications require features such as intrinsic security, transaction journaling, concurrency controls and the ability to enforce data integrity constraints. Without those features, you do not have secure, robust databases. Connecting a database to a Web server adds other requirements, such as a multithreaded architecture and the ability to do database backups without taking the server down. Freeware and PC DBMSs are suitable for certain classes of applications, but not for high-volume Web sites and mission-critical databases. In any case, don't bet your business, or lives, on such software unless you have the source code and the expertise to understand and repair it. Since that article appeared in print, improvements to MySQL have removed the "not ready for prime time" label. Features described in that article are now available to MySQL users: * transactions * concurrency control, locking, SQL standard isolation levels * intrinsic security * integrity constraints * thread-based memory allocation. TII Computer Deals at Dell Home Systems 180x150 MySQL uses separate threads to handle TCP/IP and named pipes connections, authentication, signaling, alarms and replication. The combination of threaded architecture and MySQL clustering provides powerful parallel processing capabilities. MySQL can process transactions in parallel with separate connections on separate processors using separate threads. MySQL Milestones A decade of development has moved MySQL out of the bare-bones DBMS category, enlarged its user base, and turned MySQL AB into a profitable company. One of the important milestones was integration of the InnoDB engine with MySQL 4.0. That upgrade gave MySQL multiple tablespaces, tables greater than 4GB and support for transaction processing. Other enhancements included OpenGIS spatial data types and hot backups. The latter enables a DBA to perform a backup without taking the DBMS offline. Hot backup software is available as a commercial add-on for databases using the InnoDB storage engine. MySQL 5.0, the newest version, is a major milestone. There have been enhancements to the tool sets, storage engines, types and metadata. MySQL 5.0 includes features enterprise developers have come to expect from commercial SQL products. * capacity for very large databases * stored procedures * triggers * named-updateable views * server-side cursors * type enhancements * standards-compliant metadata (INFORMATION_SCHEMA) * XA-style distributed transactions * hot backups. MySQL has a demonstrated capacity for managing very large databases. Mytrix, Inc. maintains an extensive collection of Internet statistics in a one terabyte (1 TB) data warehouse that contains 20 billion rows of data. Sabre Holdings runs the oldest and largest online travel reservation system. It replicates 10-60 gigabytes per day from its master database to a MySQL server farm. The MySQL databases are used to support a shopping application that can accommodate a million fare changes per day." | |
Pekr: 6-Mar-2006 | I wonder if unix is more secure or just it is less exposed to hackers :-) | |
Pekr: 6-Mar-2006 | nice ... isn't openbsd or netbsd regarded being one of the most secure systems? | |
Ashley: 6-Mar-2006 | isn't openbsd or netbsd regarded being one of the most secure systems? ... I thought MVS (IBM Mainframe OS) has that honour? | |
Group: SQLite ... C library embeddable DB [web-public]. | ||
Ashley: 7-Apr-2006 | If it's only TEXT types you need to encrypt then we could always add a /secure refinement to CONNECT that would force encrypt / decrypt on all TEXT bind variables. Performance wouldn't be too bad as values would only be encrypted [once] on INSERT and SELECT, the actual query (which could potentially hit millions of rows) would be comparing encrypted strings and would only need to decrypt strings that form part of the result set. Very similiar to the overhead that MOLD/LOAD currently incur when not using the /direct refinement. | |
Group: Plugin-2 ... Browser Plugins [web-public] | ||
Henrik: 3-May-2006 | but at some point it'll be essential to run encapsulated scripts and use secure connections | |
Henrik: 3-May-2006 | Carl, one thing I thought about is how do you convince a user that the security in the plugin going through the webbrowser is trustworthy when the SSL icon in the browser window is not on? they might think that nasty stuff could be going on in the background. I think there needs to be some kind of indication that the script currently running is really secure. | |
Henrik: 3-May-2006 | pressing the "Read FTP" button in the test script gives me: ** User Error: Server error: tcp 421 Unable to set up secure anonymous FTP ** Near: view-text read ftp://ftp.rebol.com/test.txt >> | |
BrianH: 4-May-2006 | Security Issues: - We should to be able to restrict with the secure native what files and dlls the plugin can access. - The default security of the RT-provided plugin (not encapped by a third-party) should prohibit any access to any local files or libraries at all, even in the same directory as the script, and prohibit access to third-party network addresses as well. Or at least ask. - There should be some way to access the site's cookies from the plugin, because there shouldn't be any other way to store local data on the client computer's hard drive. Anything short of that will be a security hole. - There should be no way to reduce the default security of the plugin through the use of plugin params. - Any attempt to reduce access should prompt the user for permission, in terms a non-technical user can understand. This means rewriting the security dialogs to be more user-friendly. - Any relaxation of these default security restrictions should require encapping the script. - A user (or their lawyer) should to be able to (perhaps through RT) track down the author of any encapped script. - An encapped script should count as a seperate plugin as far as the user is concerned, at least as far as permission-to-install is concerned. Basically, the default security of the plugin should not allow scripts to do anything you wouldn't want your worst enemy to do on your computer. People will try to use this plugin for advertisements, for webbugs, for spyware, for every nasty thing that you aren't evil enough to think of. Avoiding that kind of thing should be the focus of the default security settings. Anything less will make the plugin unsafe to install. | |
BrianH: 4-May-2006 | Java applets and JavaScript scripts are usually only allowed to access their own server over the network. I think you can make that same restriction to REBOL using the secure native. | |
BrianH: 7-May-2006 | With Java, the applet is only allowed to communicate with the server that served up the applet. We could make that same restriction by default in the REBOL plugin with SECURE, and then relax the restrictions at runtime with SECURE again. Of course, that will cause the security requester to pop up and the user would then know what they should know and agree to anyways before such behavior is allowed at all. | |
Volker: 15-May-2006 | Extra Security, some thoughts: - 'secure for ips, eg: secure [net ask tcp://rebol.com allow] - don't share sandbox-folders between hosts. - if possible memory-restriction, hd, cpu? - clipboard-restriction somehow? - check for memory-access, specially disable struct! . IMO real hackers will figure out how to inject code by poke. - reblets can store executable code by naming the file *.exe. Does not run immediate, but script can open folder in explorer by browse, and one wrong click runs it. (or is windows smarter now? Maybe you could add an own extension always, and maybe store everything as 64#{} ? - Make sure untrusted reblets don't run invisible, can snoop clipboard, or at least users online-times. I guess creatives can find other uses. - Maybe some kind of log about starts/stops, with urls? To have a little chance of tracking. Some kind of global console. - Running out of thoughts for now. | |
Pekr: 15-May-2006 | What Volker suggests might work, but then rebol's secure dialect should be extended .... | |
Allen: 15-May-2006 | Volker. Jaime. Clipboard access should probably raise a security request, like it does in (secured) browsers. Maybe it should also be part of 'secure ... | |
Volker: 16-May-2006 | That mini-firewall is in my secure-proposal: secure [net ask tcp://rebol.com allow]. Although securing ports would be nice too, secure [net ask tcp://rebol.com 80 8080 - 9090 allow]. | |
Volker: 16-May-2006 | I want both. Settings are in %user.r, by secure. And %user.r is modified by the panel. As it is currently with 'set-net and /desktop. | |
Pekr: 16-May-2006 | but system dialogs are half-way solutions - 1) they can't be translated 2) they are ugly and do not copy design principles of your apps .... stating that - is there a secure way of how to overcome this? Could you provide your own UI and supply it for the internal security system? Probably not, as I could ask user completly different question :-( | |
Group: !Cheyenne ... Discussions about the Cheyenne Web Server [web-public] | ||
Graham: 22-Feb-2007 | I want to set up a cheyenne web server that is secure.. ie. protected by ssl. |
1 / 467 | [1] | 2 | 3 | 4 | 5 |