One basic thing I noticed about the demo is that the OCXs weren't signed 
which caused IE to warn of potential security breaches and caused me to 
configure the IE security prefs to a lower level to even let me run it.  I 
think any such Squeak OCXs, OXAs, etc should be signed.  That would allow 
users to set their browsers to a higher security level.  Another 
possibility (again fairly painless) would be to register them with 
Verisign.  Of course this would be in addition to any architectural 
safeguards.

S

>Serg Koren wrote:
>---snip---
>> However, it does bring up the possibility of nasty squeak viruses infecting
>> your machine.  Some thought should be given regarding a security mechanism
>> to limit or prevent such things if Squeak/web applets are to be produced.
>
>This is one of those projects that has not yet gotten attention. Ted
>Kaehler posted this spec and challenge last year for a file-safe VM for
>Squeak:
>
>""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
>  Subject:           File-safe Squeak VM
>     Date:           Mon, 8 Sep 1997 18:16:28 -0700
>     From:           "Ted K." <tedk at wdi.disney.com>
>
>Folks,
>        We have discussed servers written in Squeak that evaluate an
>arbitrary Smalltalk expression, or serve up HTML.  These serves are
>vulnerable to any Smalltalk virus that overwrites the server's hard
>disk.
>        Mark Lentczner and I have been thinking about this issue for
>several years, and have written up the way we made Codeworks(tm) be
>file-safe.  See
>http:www.glyphic.com/glyphic/papers/safehelperapps/title.html  (Glyphic
>Codeworks is a prototype-based Smalltalk-like system available for the
>Mac for free at www.glyphic.com)
>
>        For Squeak, I've come up with the following spec for a File-Safe
>VM.  The idea is that user code can wreck havoc within the Squeak image,
>but can only do limited damage on the host's disk.  With these
>restrictions, in each session, only files in one folder can be read and
>written, only a limited number of new files can be opened, and only a
>limited number of bytes can be written.  In addition, we want a user who
>accidentally runs into the limits to be able to save his work one last
>time before the system refuses to write anymore.  Only servers and other
>special applications would use this VM.  Normal operation of the server
>would not trigger these limits.
>
>        The File-Safe VM proposal:
>
>1) A new flag "NoVirus" in the C translator. False for the normal Squeak
>VM, and true for the File-Safe VM.
>
>2) At Squeak startup, init some counters in C.  Put 100 into
>SessionNewFiles, put 10,000,000 in SessionBytesWrt.
>
>3) Code in the File primitive: If NoVirus, file prim will not read or
>write outside the Squeak folder.  That folder is found by some fixed
>path from either the .image location or the .exe location.  Writing in
>the .image is also allowed (used to save a modified image after sys
>updates).  Served pages must be in a folder within the Squeak folder.
>
>4) If NoVirus, no file types may be written except those of .sqo, text,
>and image (Mac).  No files ending in suffixes other than .sqo, .img, or
>.txt may be written (PC) (This is to block out .exe, and other special
>suffixes.) No aliases may be written.
>
>5) If NoVirus, every file rename or file creation decrements
>SessionNewFiles. When zero, do the primitive, but also return an error
>code.  The Squeak file code puts up the message "More than 100 files
>were created this session.  To prevent viruses, we do not allow more.
>After this write is complete, quit Squeak."  When less than zero, just
>fail the primitive. (How check for a code when the primitive succeeds?
>In the File info block??)
>
>6) If NoVirus, all bytes witten decrement SessionBytesWrt.    When 1 meg
>or less, do the primitive, but also return an error code.  The Squeak
>file code puts up the message "More than 9 megs were written on the disk
>this session.  To prevent viruses, we do not allow more.   After this
>write is complete, quit Squeak."  When less than zero, just fail the
>primitive.
>
>7) No Apple Events or ActiveX interprocess events are allowed.  (Don't
>allow another app to do the file writing for us.)
>
>8) If NoVirus, disable the escape to user-supplied C code, or to direct
>OS calls (when we have these in Squeak).
>
>        Creating this new VM would not only help Squeak web servers, but
>also any end-user Squeak applications that involve blindly downloading
>Squeak code over the web.  Would you like to do it?
>
>--Ted Kaehler.
>""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""



-------------------------------------------------------------------
VisualNewt Software
http://www.VisualNewt.com/

-------------------------------------------------------------------
Makers of Newt'sPaper(tm) - the premiere newsreader for the Newton
and Newt'sWeather(tm) - the Newton's weather solution.

-------------------------------------------------------------------