REALbasic plugin security?

realbasic-plugins

[Top] [All Lists]

<prev [Date] next>

<prev [Thread] next>

REALbasic plugin security?

from Christian Schmitz

[Bookmark Link]

To:	realbasic-plugins at lists dot realsoftware dot com
Subject:	REALbasic plugin security?
From:	realbasiclists at monkeybreadsoftware dot de (Christian Schmitz)
Date:	Thu, 1 May 2008 16:35:23 +0200
Authentication-results:	mx.google.com; spf=pass (google.com: domain of realbasic-plugins-bounces at lists dot realsoftware dot com designates 66.116.103.65 as permitted sender) smtp dot mail=realbasic-plugins-bounces at lists dot realsoftware dot com
Delivered-to:	listarchive at realsoftware dot com
Delivered-to:	realbasic-plugins at lists dot realsoftware dot com

Hi,

have you ever thought about plugin security?

I mean methods to prevent that a plugin is replaced by another one?

the RB runtime could at least:

load only the plugins which match by name and not just load all plugins
in the frameworks folder. This allows very easy code injection!

and check the plugins by name, size and a checksum to make sure the
correct plugin is there.

Gruß
Christian

-- 
Over 1000 classes with 20000 functions in one REALbasic plug-in. 
The Monkeybread Software Realbasic Plugin v8.2. 

<http://www.monkeybreadsoftware.de/realbasic/plugins.shtml>
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>

Search the archives:
<http://support.realsoftware.com/listarchives/lists.html>

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
REALbasic plugin security?, Christian Schmitz <= Re: REALbasic plugin security?, Tim Jones

Next by Date:	Re: REALbasic plugin security?, Tim Jones
Next by Thread:	Re: REALbasic plugin security?, Tim Jones
Indexes:	[Date] [Thread] [Top] [All Lists]