Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: SDK licensing issues

From: SunandaDH:aol at: 2-Feb-2006 4:41

> an interesting discussion
Thanks. It is. I once toyed with the idea of allowing Library members to upload arbitrary code that would execute on their behalf. The theory being that it would allow the ultimate level in customization of the services the Library provides -- instead of being limited to the preference checkboxes on configuration panels, your arbitrary code could filter or enhance the stuff the CGI scripts produce. The idea got put aside for two reasons. One was the licensing -- which appears now to be a resolved issue. The other was (as Carl exactly puts it in the dialog you've pointed us to) Ah... That's really dangerous. We would need to ensure that any arbitrary code had no access to all sorts of things that a stand-alone REBOL script can do. One worse-case scenario is that a spammer writes a script that sends a bazillion emails and we run it for them. Running arbitrary code safely requires more than a sandbox: more of a blast-proof bunker. Some parts of such a bunker can be constructed by unsetting or modifying mezzanines (disabling send is an easy one). But other parts are not so easy -- how to stop a script overwriting part of the system object, or running for more than 1 second, or writing more files than we have a quota for? That level of security needs some support at the built-in / native level. Sunanda