On Mon, 14 Aug 2000, opus.species wrote:
> I wrote
>
> > > 2) solution based on limiting the runtime
> > > The Navigator, MSIE or javascript have some internal limitations to
> forbid
> > > writing on the user's disk.
> > > Would it be possible to have in metatalk some internal flag forbiding a
> > > runtime to write on the user's disk but in the folder where the runtime
> is ?
>
> Scott Raney answered
>
> > Something like this is already in there: Setting the "secureMode"
> > property to true prevents accessing files or running subprocesses on
> > the current system. You can set it to true in a startup handler (once
> > set to true, it can never be set back to false for that session), or
> > on Windows and UNIX, by passing "-f" on the command line.
>
> The good news with Metacard is that it is very powerfull :-)
> The bad news with Metacard is that the documentation is quite cryptic for
> unix-unliterate scripters who do not exactly know what a "file system" or a
> "subprocess" look like :-(
>
> The doc says : "When the secureMode is set to true, all access to the file
> system and other system resources is disabled. Once set to true, it cannot
> be reset back to false."
>
> What does mean "all access to the file system ... is disabled" ? Does it
> mean that you can neither read nor write from/to your disk / local network
> / internet ?
Yes.
> Does it mean only that a "securemode" runtime cannot write to disk ?
Yes.
> Does it mean also that a "securemode" stack cannot be saved ?
Yes.
> Does it mean also that a "securemode" runtime cannot open an external stack
> ?
No: this is the one exception to the rule.
> Does it mean also that a "securemode" runtime cannot read data from
disk ?
Yes.
> Does it mean also that a "securemode" runtime cannot put into an url
?
I can put into an "http://" url, but not to a "file:" url.
> Does it mean also that a "securemode" runtime cannot get an url ?
No, it only applies to the local system.
> What does mean "all access to ... other system resources is disabled" ?
I guess this just means you can't use the Registry on Windows...
> Does it mean that a "securemode" runtime cannot print ?
No.
> Does it mean also that a "securemode" runtime cannot send an email ?
No, you can still do this using sockets.
> What mean "Setting the secureMode property to true prevents ...running
> subprocesses" ?
> Does it mean that a "securemode" runtime cannot use the "launch" or "open
> process" command ?
Exactly.
> Does it mean that a "securemode" runtime cannot open a substack ?
No. Those are all loaded with the main stack anyway...
Scott
> Regards, Claude
********************************************************
Scott Raney [EMAIL PROTECTED] http://www.metacard.com
MetaCard: You know, there's an easier way to do that...
Archives: http://www.mail-archive.com/metacard%40lists.best.com/
Info: http://www.xworlds.com/metacard/mailinglist.htm
Please send bug reports to <[EMAIL PROTECTED]>, not this list.
