If I remember correctly, there is a long-standing security
issue where anyone can view the stack scripts of ANY Rev
standalone by doing a "memory dump" WHILE the app is running.

This works EVEN if all stacks are completely password
protected (and therefore encrypted)!

Apparently this is caused by the RunRev engine decrypting
and reading the scripts into memory and keeping them there
in clear text for as long as the app/stacks are open.

I have no idea how to do a memory dump, but I'm sure many
do, and this security issue has kept us away from deploying
major apps using Rev.

By the way, this could also mean that the same security issue
plagues the browser plugin, if the same method of running
stacks is used.

This can be a major problem especially if the scripts contain
sensitive details such as database logins and so forth.

Can anyone from RunRev confirm if this major security issue
has been resolved?

Also, can anyone who knows how to do a memory dump provide
details on how this is done, so we can verify if this is
still happening for standalones built using the latest version
of Rev, and so that Kee can extract the needed scripts?


Kee Nethery wrote:

> Is there a way to view the scripts in the standalone or does runrev 
> purposefully make that difficult?
_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
