[ALLY] Re: View 1.1 Security
From: agem:crosswinds at: 15-Apr-2001 21:25
>Paul, Larry:
>
>We greatly increased security with 1.1 B1. The idea was to prevent
>sneaky scripts from reading files on your disk. Of course, they
>could never write or delete files before, but we also felt that they
>should not be able to read files either.
>
>Perhaps we tightened security down too much. It's easier to relax it a
>little. We need your feedback as to how much is too much. Let us
know.
>Thanks,
>
well, on the rebol-faq was said,
don't worry, download rebol, run scripts,
as long as you don't say yes to security-questions,
nothing can happen.
well,
a while ago someone hacked netscape/java a bit.
after that your browser was a web-server enabling
everyone on the web to browse your hd.
the suggestion of related magazines was to disable
java until this is fixed.
Not "don't worry, nobody will explore this".
if someone is angry about rebol and demonstrates such a hole
rebol will loose a lot of trust IMHO.
its not M$ which say "om, oops, sorry, you realley moved your
mouse? bad luck."
i can't put
hey, download rebol and this site looks much smarter
on it if tryers have to worry about security?
you can check security by checking system/options/script
from %user.r, shutting the door if its not startet from
a trusted place.
but a mistake there and your machine is open.
very open, nothing can spy your hd smarter than rebol :)
so lowering should be a conscious decision.
maybe you could turn it and move the security-check reliable
in %user.r,
giving there options to keep insecure features,
like it was possible with [hack-launch: :launch]?
and two kinds of file-extension, %.r and %.rs,
where the %.r and downloads are allways hard secured?
(yes, some osses may hide that..)
or iam wrong here?
depend of course on purpose, but i like the idea
of the Reb entered from every browser
(without installing backdoors) :)
>-Carl
>
-Volker
