[REBOL] Re: Anyone ever done this?
From: edanaii:cox at: 11-Aug-2002 9:10
The program was written to replace functionality in M$ OutHouse. We had
run into sever limitations with the total number of Rules it could
store. This was a "known limitation" of the software, so we needed an
alternative.
I wrote the REBOL program such that when I defined a Rule, I could
execute an Object or piece for REBOL code. It followed logically then,
that if I could embed and Object or code into my Mail Rules and call it
in REBOL, I could therefore embed the code in a mail message and execute
that. So I did it as a proof-of-concept, more than anything else.
So no thought has been given to authentication, and, honestly, I'm not
worried about it. This particular application will be protected by the
security by obscurity
concept. I.e. the only people who know the mail
address will be the people I work with. In addition, it will only
execute the code _if_ the proper entry is made in the Subject Line.
Of course, if I must secure it, I can always add an list of valid email
that can execute REBOL code through the application, and add passwords,
as well.
As to dialecting, I'm still a relative newbie to REBOL; I haven't had a
chance to get familiar with the concept yet.
And to your final point, yes, that is definitely what REBOL was intended
to do, which is exactly why I decided to do it as a proof-of-concept.
And it worked quite nicely, too. :)
Brett Handley wrote:
>Haven't actually done that, but have thought about doing it for a while.
>Only problem is how do you check that you can trust the code that you
>receive? Even if it is on an internal LAN, you have to consider the
>possibility of the LAN being opened in the future (accidently or otherwise).
>
>I wrote this
>http://www.codeconscious.com/rebol/articles/x-internet-security.html
>prior to the new test versions of REBOL and while it mentions Rugby it is
>still relevent to what you are doing. You might want to look at it.
>
>I'd say if you keep your script, make it into a dialect and add some
>authentication mechanism to it - otherwise you might have some unexpected
>results :^)
>
>I believe some time ago Ladislav and Jeff (?) worked on a script that could
>deal with untrusted code in a fairly robust manner, but I cannot remember
>the details.
>
>Now after getting the cautions out of the way - it does sound cool. Exactly
>why REBOL was designed like it is I imagine. :^)
>
--
Sincerely, | When we remember we are all mad, the mysteries of
Ed Dana | life disappear and life stands explained.
Software Developer | -- Mark Twain
1Ghz Athlon Amiga |