Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

[REBOL] Re: Anyone ever done this?

From: edanaii:cox at: 11-Aug-2002 9:10

The program was written to replace functionality in M$ OutHouse. We had run into sever limitations with the total number of Rules it could store. This was a "known limitation" of the software, so we needed an alternative. I wrote the REBOL program such that when I defined a Rule, I could execute an Object or piece for REBOL code. It followed logically then, that if I could embed and Object or code into my Mail Rules and call it in REBOL, I could therefore embed the code in a mail message and execute that. So I did it as a proof-of-concept, more than anything else. So no thought has been given to authentication, and, honestly, I'm not worried about it. This particular application will be protected by the security by obscurity concept. I.e. the only people who know the mail address will be the people I work with. In addition, it will only execute the code _if_ the proper entry is made in the Subject Line. Of course, if I must secure it, I can always add an list of valid email that can execute REBOL code through the application, and add passwords, as well. As to dialecting, I'm still a relative newbie to REBOL; I haven't had a chance to get familiar with the concept yet. And to your final point, yes, that is definitely what REBOL was intended to do, which is exactly why I decided to do it as a proof-of-concept. And it worked quite nicely, too. :) Brett Handley wrote:
>Haven't actually done that, but have thought about doing it for a while. >Only problem is how do you check that you can trust the code that you >receive? Even if it is on an internal LAN, you have to consider the >possibility of the LAN being opened in the future (accidently or otherwise). > >I wrote this >http://www.codeconscious.com/rebol/articles/x-internet-security.html >prior to the new test versions of REBOL and while it mentions Rugby it is >still relevent to what you are doing. You might want to look at it. > >I'd say if you keep your script, make it into a dialect and add some >authentication mechanism to it - otherwise you might have some unexpected >results :^) > >I believe some time ago Ladislav and Jeff (?) worked on a script that could >deal with untrusted code in a fairly robust manner, but I cannot remember >the details. > >Now after getting the cautions out of the way - it does sound cool. Exactly >why REBOL was designed like it is I imagine. :^) >
-- Sincerely, | When we remember we are all mad, the mysteries of Ed Dana | life disappear and life stands explained. Software Developer | -- Mark Twain 1Ghz Athlon Amiga |