Mailing list home
  Find posts   Help

Latest messageRecent messages

In this thread:
 First
 Prev
 Next
 See whole thread
By msg id:
 Prev: 20 Nov 2003 12:14
 Next: 20 Nov 2003 22:43

Other threads:
 Prev: IOS on USB
 Next: How DO they DO that?

Same author:
 Prev: 20 Nov 2003 12:00
 Next: 21 Nov 2003 15:35

 Random message

Indexes:
 By topic
 By date
 By author
 By subject
Join the Mailing List....
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
2-Oct 15:21 UTC
[0.05] 10.707k
Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

[REBOL] Re: Rebol for real world applications

From: nitsch-lists:netcologne at: 20-Nov-2003 12:12


Am Donnerstag, 20. November 2003 06:15 schrieb Sabu Francis:

> Hi:
> Thank you Max and thank you Romano. I fixed the problem this way.
>
> I gave up the idea of using an object, because as Romano had pointed out;
> it can be insecure
>  when the block is converted to an object, the code will get executed. I
> cannot afford to have my
> users put up some arbitrary Rebol code inside the configuration file  --
> say to mail out
> out the secret recipe for everlasting youth which is residing on my server
>
> :-) to them or
>
> do something more sinister.
>
> So now I'm using the following code
>
> ;;;Warning: Untested code
> loadCfg: function [cfgfile] [pp]
>  [
>    either error? try [ pp: load/all cfgfile]
>      [
>        return false
>      ]
>     [
>       forskip pp 2 [set first pp second pp]
>       pp: none
>      return true
>     ]
> ]
>
> The cfgfile contains parameters that are written in name value pairs using
> Rebol syntax, thus:
>
> a: {Something in the way she moves attracts me like no other lover }
> c: "Something in the way"
> c: ["she" "woos" "me"]
> d: 9
> e: [george--something--com]
>
> Using the forskip statement in my code, the appropriate global variables
> are setup. Though
> I dont like global variables generally (a habit picked up while programming
> in other languages)
> I guess I'll live with that for now. I am hoping that the way the globals
> are setup using the forskip
> statement, I would be preventing people from putting executable code into
> the configuration file
>
> Or have I got that wrong? Is there a better way of doing it?
>


On newer rebols there is 'construct. which creates an object but executes
nothing.


>> probe construct[hehe: print "hacked" name: "me" block: [1 2 3] object:

#[object! [a: none]]]

make object! [
    hehe: 'print
    name: "me"
    block: [1 2 3]
    object:
    make object! [
        a: 'none
    ]
]

A eventuall drawback is, using the #[object! []] a lot seems to crash
sometimes. Gabriele reported problems when using it for lots of messages.
I guess its related to the problems with unbound words.
But it crashes then completely, does not execute code.
so your youth would be save :)
You get the #[object![]]-stuff when using save/all or mold/all, so you can
recreate objects without executing code.
Words in such objects are not bound, like to-block does. so functions there
may start, but trigger an error immediate.

-Volker

1 · 2 · 3 · 4 · [5] · 6 · 7 · 8 · 9 · 10 · See whole thread