Mailing list home
  Find posts   Help

Latest messageRecent messages

In this thread:
 First
 Prev
 Next
 See whole thread
By msg id:
 Prev: 11 Aug 2002 17:20
 Next: 11 Aug 2002 9:15

Other threads:
 Prev: Random numbers for Monte Carlo
 Next: possible rebol tcp open bug ...

Same author:
 Prev: 10 Aug 2002 7:01
 Next: 11 Aug 2002 9:15

 Random message

Indexes:
 By topic
 By date
 By author
 By subject
Join the Mailing List....
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
3-May 21:10 UTC
[0.053] 10.221k
Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

[REBOL] Re: Anyone ever done this?

From: edanaii:cox at: 11-Aug-2002 9:10


The program was written to replace functionality in M$ OutHouse. We had
run into sever limitations with the total number of Rules it could
store. This was a "known limitation" of the software, so we needed an
alternative.

I wrote the REBOL program such that when I defined a Rule, I could
execute an Object or piece for REBOL code. It followed logically then,
that if I could embed and Object or code into my Mail Rules and call it
in REBOL, I could therefore embed the code in a mail message and execute
that. So I did it as a proof-of-concept, more than anything else.

So no thought has been given to authentication, and, honestly, I'm not
worried about it. This particular application will be protected by the
security by obscurity
 concept. I.e. the only people who know the mail
address will be the people I work with. In addition, it will only
execute the code _if_ the proper entry is made in the Subject Line.

Of course, if I must secure it, I can always add an list of valid email
that can execute REBOL code through the application, and add passwords,
as well.

As to dialecting, I'm still a relative newbie to REBOL; I haven't had a
chance to get familiar with the concept yet.

And to your final point, yes, that is definitely what REBOL was intended
to do, which is exactly why I decided to do it as a proof-of-concept.
And it worked quite nicely, too. :)

Brett Handley wrote:


>Haven't actually done that, but have thought about doing it for a while.
>Only problem is how do you check that you can trust the code that you
>receive? Even if it is on an internal LAN, you have to consider the
>possibility of the LAN being opened in the future (accidently or otherwise).
>
>I wrote this
>http://www.codeconscious.com/rebol/articles/x-internet-security.html
>prior to the new test versions of REBOL and while it mentions Rugby it is
>still relevent to what you are doing. You might want to look at it.
>
>I'd say if you keep your script, make it into a dialect and add some
>authentication mechanism to it - otherwise you might have some unexpected
>results :^)
>
>I believe some time ago Ladislav and Jeff (?) worked on a script that could
>deal with untrusted code in a fairly robust manner, but I cannot remember
>the details.
>
>Now after getting the cautions out of the way - it does sound cool. Exactly
>why REBOL was designed like it is I imagine. :^)
>


--
Sincerely,         | When we remember we are all mad, the mysteries of
Ed Dana            | life disappear and life stands explained.
Software Developer |   -- Mark Twain
1Ghz Athlon Amiga  |

1 · 2 · 3 · [4] · 5 · See whole thread