On Nov 30, 2005, at 7:16 PM, Mark Nutter wrote:
Hmm, it does seem that there are security implications here I
hadn't anticipated, and I'm betting it would be fairly cumbersome
to implement a version of Runtime.GetObject that respected scoping
and encryption restrictions.
Yes and no. You can look at the Dictionary values in the Debugger
right now.
The difference is that you cannot normally gain access to the
Dictionary methods to read and write the Value. Like I said you
could change the values in the debugger with REALbasic 5.5 (they
haven't added that feature to REALbasic 2005 yet), but it really
wouldn't matter that much because you couldn't change the values in
one of your distributed apps.
The only Object that I can think of that you cannot currently view
the values in the debugger are the Database classes. For example,
you could create an in-memory REALSQLDatabase and the data in the
tables would be secure even from the debugger (not from a memory-dump
though). But providing access for all objects through Runtime would
allow anyone to read and write directly to the REALSQLdatabase.
Now I admit this would be a nice feature, and the cases where it
could be abused would be rare. If this feature honored scope, then
it would be a pretty sever limitation... but if the feature only
prevented access to objects that were owned by *encrypted* classes
and plugins it should satisfy everyone.
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
|