Oldes: > I think there are still some issues as you can work with ports without > user permissions so for example someone can make a script which will attack > other pages or spam anybody and user don't need to know that something > is happening -
Thanks for that.....That was my understanding too. Which is partially why we've been cautious in implementing the plugin at REBOL.org.....It would be too simple for someone to upload a malicious script which is then just a naive IE click away from doing some damage. I've just uploaded what should be the final stage of implementing the plugin **safely** at REBOL.org. Our "security model" is two-phase: 1. Any Library member can upload a script and mark it as "plugin". We will allow the owner to run it under the plugin but not others. 2. A member of the "plugin posse" checks the script for malicious intent. If they don't find anything, they will flag the script as okay for the plugin. There are currently three scripts that are plugin enable -- they should all appear on this list with a *Run* link enabled. http://www.rebol.org/cgi-bin/cgiwrap/rebol/search.r?special-filter=recent There would be many more, but we're still waiting for script owners to update their scripts to say that they are plugin-ready: http://www.rebol.org/cgi-bin/cgiwrap/rebol/ml-display-message.r?m=rmlHVHC If you'd like to be on the plugin posse, please let me know. Sunanda -- To unsubscribe from the list, just send an email to rebol-request at rebol.com with unsubscribe as the subject.
