[Seaside] Seaside playground

Lukas Renggli renggli at gmail.com
Mon Jan 11 09:13:19 UTC 2010


> That's not a simple hack.
> And it doesn't really take over the computer.

Sure. As soon as I can execute arbitrary Smalltalk code on your
machine, I can deploy a Trojan for your platform.

> Anyway, such hacks are not possible anymore.

There is an infinite number of other hacks. It gets harder over time,
but the one below is particularly simple:

html evaluateUnloggedForSelf: #[34 73 110 115 116 97 108 108 32 116
104 101 32 102 97 118 111 114 105 116 101 32 116 114 111 121 97 110 34
32 83 109 97 108 108 116 97 108 107 73 109 97 103 101 32 99 117 114
114 101 110 116 32 115 110 97 112 115 104 111 116 58 32 102 97 108 115
101 32 97 110 100 81 117 105 116 58 32 116 114 117 101] asString

My point is that no matter how much time you spend on making it secure
by checking for particular patterns or strings, there will always be
ways to fool it. In the Smalltalk world security is inherently weak,
mostly because of the strong reflective capabilities. I would really
love to see your application on the web, but in its current form we
won't be able to run it on seaside.st.

Lukas

-- 
Lukas Renggli
http://www.lukas-renggli.ch

