[REBOL] Re: Network Guru...
From: louisaturk:coxinet at: 18-Dec-2001 1:30
I really appreciate your help.
At 03:10 PM 12/18/2001 +1100, you wrote:
>Security is relaxed for the lifetime of the Rebol interpreter instance you
>started - unless you set it back. You wording makes me think that you
>believe %sendfiles.r is the script that you are apply the security setting
>to. This is not the case. You are applying the security setting to the Rebol
>interpreter instance that is evaluating the script that has the "forever"
>loop in it, or whatever calls it.
> > Is there some
> > way the script itself can set security---open the door, do its work, then
> > shut and lock the door?
>I'm not sure you need that because I'm presuming you know exactly what your
>scripts are doing, probably because you
>wrote them yourself and so you trust them. If you run your trusted scripts
>in a relaxed security setting and are confident that those trusted scripts
>have no possibility of calling or evaluation untrusted scripts or code then
>I don't think you have a problem. Just let them do their work.
>If you are using someone else's scripts and you are not confident it is trus
>tworthy in regards to security, then consider
>asking about the suspect code on the Rebol mailing list. Security in
>relation to Rebol hasn't been discussed too much yet.
>I suggest you read the security section of the Core manual and create some
>dummy test scripts to see what happens in various situations.
Are you saying that when security is relaxed to run a script, it is relaxed
only for that script? I wrote my own scripts, and trust them. What is
concerning me is that, while security is relaxed, a hacker might enter my
computer and do mischief. But you are saying that while the script with
the forever loop is running, it alone has control of any port it (or the
script it calls) opens. Is that correct?
I did read the documentation, but it did not seem to directly answer my
questions, and I would like direct answers just for peace of mind.