[REBOL] Re: "browse" under view 1.2.10.3.1
From: nitsch-lists:netcologne at: 2-Jul-2003 10:31
Am Mittwoch, 2. Juli 2003 04:30 schrieb James Marsden:
> Hi Ashley,
>
> At first I thought this was great too - then I had a little think about
> the possible security implications on a network / trusted domain.
>
> Where that lovely ability falls in a crashing heap is security.
>
> In a best case scenario a teenage pest writes virii.exe to your local
> HDD then executes it eliminating your pc from the silicon pool - in a
> worst case scenario, your business is running IOS applets and some
> applet gets infected and takes out every machine on the network..
>
I think with IOS RT sees this a bit relaxed.
With IOS all users are invited. And there is a complete history on the server,
so the bad scripter can be detected.
With Reb its another matter. The 1.2.10 is loudly marked as insecure when
downloading. I guess they will fix it like launch:
set-browser-path: func[url][alert "disabled"]
I hope they will include 'launch and 'set-browser-path in the
security-settings
> Of course this will only be a real issue to windows users, but still..
>
Ha! wiping out users home is cruel enough.
Current "we are a windows" - desktops ignore easy backups completely AFAIK.
> Regards,
>
> James.
>
> On Wed, 2003-07-02 at 12:05, Ashley Truter wrote:
> > > set-browser-path "c:\windows\notepad.exe"
> > > browse "c:\temp\test.txt"
> >
> > Which lets us replace call (and the black cmd box it briefly flashes up)
> > with:
> >
> > call: func [cmd [file!] /arg arg1 [string!]] [
> > =09set-browser-path to-string to-local-file cmd
> > =09browse either arg [arg1][""]
> > ]
> >
> > ;call %/c/winnt/notepad.exe
> > ;call/arg %/c/winnt/notepad.exe "fred.txt"
> >
> > I wonder how long we can rely on this "feature" being present. ;)
> >
> >
> > Regards,
> >
> > =09Ashley
Volker
