[REBOL] Re: SDK licensing issues
From: volker:nitsch:gm:ail at: 3-Feb-2006 20:33
On 2/3/06, Gregg Irwin <greggirwin-mindspring.com> wrote:
> GS>> Why would a *normal* synapse chat user need a REBOL interpreter?
>
> VN> Or later to do a quick complex search without need for a fully fledged
> VN> dialect first (you know, every sufficiently complex program implements
> VN> a lisp-interpreter, sadly even rebol-coders have to do that ;)
>
> This is one of those wonderful, tricky areas that we don't know much
> about yet (IMO); how do we write applications that can safely use
> REBOL as their macro language.
>
> We can be safe by writing a dialect, but that's a lot of work if we
> want a powerful macro language, and you may still open up security
> holes (probably will as a matter of fact).
>
> You can't be safe running raw REBOL; even a macro the user writes is
> unsafe because it can unintentionally cause harm. Of course, if the
> macro code has access to application code, all bets are off about
> whether the app will even run.
>
> The allure of configurable apps, with REBOL as a macro language, is
> powerful; but danger doesn't lurk there, it's in plain sight.
>
MS uses VB for user-scripting all the time. With regard to internet
dangerous, yes. But for a big part because VB cant lock system-access,
while 'secure can. With rebol a macro can only harm the application,
in VB take over the system. Thats different. Althought 'secure could
use improvements, specially restricting network better (to certain
hosts/ports only, currently it can play proxy to the internal
network). And needs better explanation.
> -- Gregg
>
> --
> To unsubscribe from the list, just send an email to
> lists at rebol.com with unsubscribe as the subject.
>
--
-Volker
Any problem in computer science can be solved with another layer of
indirection. But that usually will create another problem.
David
Wheeler
