Are there any options to make it really secure?<br><br>Gerhard<br><br><div class="gmail_quote">On Mon, Jan 11, 2010 at 10:13 AM, Lukas Renggli <span dir="ltr"><<a href="mailto:renggli@gmail.com">renggli@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">> Thats not a simple hack.<br>
> And it doesn't really take over the computer.<br>
<br>
</div>Sure. As soon as I can execute arbitrary Smalltalk code on your<br>
machine, i can deploy a Trojan for your platform.<br>
<div class="im"><br>
> Anyway, such hacks are not possible anymore.<br>
<br>
</div>There is an infinite number of other hacks. It gets harder over time,<br>
but the one below is particularly simple:<br>
<br>
html evaluateUnloggedForSelf: #[34 73 110 115 116 97 108 108 32 116<br>
104 101 32 102 97 118 111 114 105 116 101 32 116 114 111 121 97 110 34<br>
<div class="im">32 83 109 97 108 108 116 97 108 107 73 109 97 103 101 32 99 117 114<br>
114 101 110 116 32 115 110 97 112 115 104 111 116 58 32 102 97 108 115<br>
101 32 97 110 100 81 117 105 116 58 32 116 114 117 101] asString<br>
<br>
</div>My point is that no matter how much time you spend on making it secure<br>
by checking for particular patterns or strings, there will always be<br>
ways to fool it. In the Smalltalk world security is inherently weak,<br>
mostly because of the strong reflective capabilities. I would really<br>
love to see you application on the web, but in its current form we<br>
won't be able to run it on <a href="http://seaside.st" target="_blank">seaside.st</a>.<br>
<br>
Lukas<br>
<font color="#888888"><br>
--<br>
</font><div><div></div><div class="h5">Lukas Renggli<br>
<a href="http://www.lukas-renggli.ch" target="_blank">http://www.lukas-renggli.ch</a><br>
_______________________________________________<br>
seaside mailing list<br>
<a href="mailto:seaside@lists.squeakfoundation.org">seaside@lists.squeakfoundation.org</a><br>
<a href="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside" target="_blank">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</a><br>
</div></div></blockquote></div><br>