[REBOL] Re: Rebol.org plugin question
From: SunandaDH::aol::com at: 20-Sep-2004 11:07
Oldes:
> I think there are still some issues as you can work with ports without
> user permissions so for example someone can make a script which will attack
> other pages or spam anybody and user don't need to know that something
> is happening -
Thanks for that.....That was my understanding too.
Which is partially why we've been cautious in implementing the plugin at
REBOL.org.....It would be too simple for someone to upload a malicious script
which is then just a naive IE click away from doing some damage.
I've just uploaded what should be the final stage of implementing the plugin
**safely** at REBOL.org. Our "security model" is two-phase:
1. Any Library member can upload a script and mark it as "plugin". We will
allow the owner to run it under the plugin but not others.
2. A member of the "plugin posse" checks the script for malicious intent. If
they don't find anything, they will flag the script as okay for the plugin.
There are currently three scripts that are plugin enable -- they should all
appear on this list with a *Run* link enabled.
http://www.rebol.org/cgi-bin/cgiwrap/rebol/search.r?special-filter=recent
There would be many more, but we're still waiting for script owners to update
their scripts to say that they are plugin-ready:
http://www.rebol.org/cgi-bin/cgiwrap/rebol/ml-display-message.r?m=rmlHVHC
If you'd like to be on the plugin posse, please let me know.
Sunanda
