How about a load/secure level ?
where level none just does not allow the usage of /pro or /command
functions,
higher levels could prohibit more functions
USAGE:
LOAD source /header /next /library /markup /all /secure level
DESCRIPTION:
Loads a file, URL, or string. Binds words to global context.
LOAD is a native value.
ARGUMENTS:
source -- (Type: file url string any-block binary)
REFINEMENTS:
/header -- Includes REBOL header object if present.
/next -- Load the next value only. Return block with value and new
position.
/library -- Force file to be a dynamic library. (Command version)
/markup -- Convert HTML and XML to a block of tags and strings.
/all -- Load all values. Does not evaluate REBOL header.
/secure -- prohibits unsafe and not allowed functions
level -- security level (Type: none block)
>>
[EMAIL PROTECTED] wrote:
> Ladislav:
>
>> an interesting discussion
>>
>
> Thanks. It is.
>
> I once toyed with the idea of allowing Library members to upload arbitrary
> code that REBOL.org would execute on their behalf.
>
> The theory being that it would allow the ultimate level in customization of
> the services the Library provides -- instead of being limited to the
> preference
> checkboxes on configuration panels, your arbitrary code could filter or
> enhance the stuff the CGI scripts produce.
>
> The idea got put aside for two reasons. One was the licensing -- which
> appears now to be a resolved issue.
>
> The other was (as Carl exactly puts it in the dialog you've pointed us to)
> "Ah... That's really dangerous."
>
> We would need to ensure that any arbitrary code had no access to all sorts of
> things that a stand-alone REBOL script can do. One worse-case scenario is
> that a spammer writes a script that sends a bazillion emails and we run it
> for
> them.
>
> Running arbitrary code safely requires more than a sandbox: more of a
> blast-proof bunker.
>
> Some parts of such a bunker can be constructed by unsetting or modifying
> mezzanines (disabling send is an easy one).
>
> But other parts are not so easy -- how to stop a script overwriting part of
> the system object, or running for more than 1 second, or writing more files
> than we have a quota for?
>
> That level of security needs some support at the built-in / native level.
>
> Sunanda
>
--
To unsubscribe from the list, just send an email to
lists at rebol.com with unsubscribe as the subject.
