As most people on this list i downloaded and tested the portal of
Sivakatirswami.
That's a great job !
Until now, the "computer based training" solutions where based on java (cf
toolbook) or shockwave or flash. It was difficult to program and/or heavy to
download.
Sivakatirswami's solution is light, powerful and elegant.
But we have now to consider the security...
A *.mc app can do anything : destroy all the data of a computer, use a
computer to destroy all the data on a network, ...
We have to protect our customers against :
- downloading a utility and misusing it
- downloading a bugged and dangerous mc file
- downloading some mc-based virus
I can think of 2 kind of solutions :
1) solution based on signature
The programmer put his signature in his runtime and in his stacks. When
opening a stack, the runtime checks if the stack has the right signature.
The process could be a "compress+encrypt" function built in the engine and a
"decompress+decrypt" function build in the runtime.
2) solution based on limiting the runtime
The Navigator, MSIE or javascript have some internal limitations to forbid
writing on the user's disk.
Would it be possible to have in metatalk some internal flag forbiding a
runtime to write on the user's disk but in the folder where the runtime is ?
Archives: http://www.mail-archive.com/metacard%40lists.best.com/
Info: http://www.xworlds.com/metacard/mailinglist.htm
Please send bug reports to <[EMAIL PROTECTED]>, not this list.
