Hi Hannes,
Right now script updates are locked down by IP address, so at this point no one
can update the three scripts I put on unless they spoof my ip.
I realize this may lock some out of their own scripts if ip changes, I plan to
add an auth system to this and let user store a usrname/key to pass to server
to validate their script edit access.
I'll probably include a rating system and vote to remove system also.
Thanks,
Matt
Sent from my Palm Pre on AT&T
On Oct 14, 2012 3:59, Hannes Schüller <[email protected]> wrote:
Hello Matthew,
this sounds great and I think it would be very useful if you could
document all of this in the wiki as well so that people not on the
mailing list can discover about it as well.
Personally, I'm a bit worried about this, though:
> If you want to add a script to the server, just use:
>
> ./ahungry_scripter.sh push ./yourscript.js
>
> and it'll be merged into the tar.gz within the next minute.
So if I push some malicious script, it will be merged into the 'repo'
automatically. OK, you could argue that people should check the code
before using the script, fair enough. How is versioning handled,
though. I.e. what if I (being an evil attacker) push a file with the
same name you're using for your popular script? Will it then be
overwritten and distributed to all the happy users of your script?
Hannes
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Vimprobable-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vimprobable-users
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Vimprobable-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vimprobable-users
