[REBOL] Re: load and mold/all security issue
From: rotenca:telvia:it at: 25-Sep-2003 15:17
Hi Volker,
i'm not sure you are right, wgen you say:
> someone sends you data. you load it. you expect something like
> o: context [ a: 1 b: 2]
> you code "do-something-with o/a"
> somebody sends you
> o: context[ a: 1 b: func[][ take-over-system ] ]
Doing a loaded program cannot be sure. The same can happen with
> somebody sends you
o: [ take-over-system]
if you do it in a way or in another:
do o
context o
do does o
What you say would be true only if no word would be binded to the global
context, but this happens only with functions and object.
I understand that a word cannot be serialized in every situaltion, but i think
that it should be or binded to a serialized upper level context o to the
global context.
Until yesterday i thought that mold/all was a more general version of mold,
but now i am convinced hat it is a different tool, which can be used only to
serialize a speficic kind of Rebol data (no words).
I also ask why to serialize a function which cannot be used like a function.
If only security is the target, mold/all should not serialize any function at
all.
I also ask why words in blocks are binded and not word in objects or
functions.
---
Ciao
Romano
