Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: Rebol for real world applications

From: nitsch-lists:netcologne at: 20-Nov-2003 12:12

Am Donnerstag, 20. November 2003 06:15 schrieb Sabu Francis:
> Hi: > Thank you Max and thank you Romano. I fixed the problem this way. > > I gave up the idea of using an object, because as Romano had pointed out; > it can be insecure > when the block is converted to an object, the code will get executed. I > cannot afford to have my > users put up some arbitrary Rebol code inside the configuration file -- > say to mail out > out the secret recipe for everlasting youth which is residing on my server > > :-) to them or > > do something more sinister. > > So now I'm using the following code > > ;;;Warning: Untested code > loadCfg: function [cfgfile] [pp] > [ > either error? try [ pp: load/all cfgfile] > [ > return false > ] > [ > forskip pp 2 [set first pp second pp] > pp: none > return true > ] > ] > > The cfgfile contains parameters that are written in name value pairs using > Rebol syntax, thus: > > a: {Something in the way she moves attracts me like no other lover } > c: "Something in the way" > c: ["she" "woos" "me"] > d: 9 > e: [george--something--com] > > Using the forskip statement in my code, the appropriate global variables > are setup. Though > I dont like global variables generally (a habit picked up while programming > in other languages) > I guess I'll live with that for now. I am hoping that the way the globals > are setup using the forskip > statement, I would be preventing people from putting executable code into > the configuration file > > Or have I got that wrong? Is there a better way of doing it? >
On newer rebols there is 'construct. which creates an object but executes nothing.
>> probe construct[hehe: print "hacked" name: "me" block: [1 2 3] object:
#[object! [a: none]]] make object! [ hehe: 'print name: "me" block: [1 2 3] object: make object! [ a: 'none ] ] A eventuall drawback is, using the #[object! []] a lot seems to crash sometimes. Gabriele reported problems when using it for lots of messages. I guess its related to the problems with unbound words. But it crashes then completely, does not execute code. so your youth would be save :) You get the #[object![]]-stuff when using save/all or mold/all, so you can recreate objects without executing code. Words in such objects are not bound, like to-block does. so functions there may start, but trigger an error immediate. -Volker