[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
[Monthly Archives]
[List Home]
Re: [Virtools] Deploy building block with webplayer?
- Subject: Re: [Virtools] Deploy building block with webplayer?
- From: "Frederique Krupa" <frede@virtools.com>
- Date: Wed, 29 Jan 2003 17:30:00 +0100
Yes, money is a concern at Virtools - it takes money to fund R&D and
Virtools (unlike many others) is still around to provide you guys with great
tools, but what Patrick said about VSL (new feature in Dev 2.5) being able
to bypass the need for certain custom DLLs is also TRUE. Hence when you
upgrade to 2.5, Adrianus, you should become a happy camper.
And speaking of security gone sour, that darn Raid 1 Controller on the
Virtools webserver went haywire; hence on top getting Dev 2.5 out the door
(it's ready! it's great!), we are reformatting everything and reinstalling
the server/websites/databases/forums...... I'm personally thrilled at the
prospect. Hence we are on a backup server for the time being and things
(like the Swap-Meet) will be getting back to normal as quickly as
possible....
PS The player installation is still being assured by Akamai I can assure
you.
best regards,
Frede aka the grumpy webmistress
----- Original Message -----
From: "Adrianus Warmenhoven" <paladin@xs4all.nl>
To: "Romain Sididris" <roro@easynet.fr>;
<virtools-user-group@lists.theswapmeet.com>
Sent: Wednesday, January 29, 2003 4:18 PM
Subject: Re: [Virtools] Deploy building block with webplayer?
> > link with "format c:\" and you just made a virus : - (
> >
> > I don't think any Dll should be downloadable on the user computer
> > without some way to ensure it is harmless,
> >
> > Just a thought..
> >
> > +Romain
> [snippety for brevity]
>
> Well, I can do that already with ActiveX and/or a fake webplayer plugin.
> I still would be able to do that with the behavioral server.
> Putting a virus on someone's harddisk isn't a difficult thing to do; I do
a
> lot of Security Audits for companies, and I can tell you, it is possible
to
> do
> just about anything through IE.
>
> The point is not that it can not be done (a malicious mp3 file inside the
> vmo
> already accomplishes this) in a 'not so friendly' way, but that the whole
> idea of making bb's available is useless unless you fork down lots of cash
> for a behavioral server.
>
> Adding a signing method and a warning issue like java or activex is not
> very hard.
>
> I suspect a more protectionistic aproach towards the business of virtools,
> rather than the noble thought of protecting the user.
>
> And even if it were, I do not think that a Development Platform(!) company
> should tell developers how to go about security issues.
> But talking about development and security issues is off-topic, to me at
> least.
>
> Regards,
> Adrianus Warmenhoven
>
>
> ...............................................................
> Distributed via the virtools-user-group list:
http://www.theswapmeet.com/numl.html
> To reply to the list instead of its author, use "Reply to All"
> To unsubscribe: send "unsubscribe virtools-user-group" to
Majordomo@lists.theswapmeet.com
> To subscribe: send "subscribe virtools-user-group" to
Majordomo@lists.theswapmeet.com
> To post a message: send it to virtools-user-group@lists.theswapmeet.com
> ...............................................................
>
>
...............................................................
Distributed via the virtools-user-group list: http://www.theswapmeet.com/numl.html
To reply to the list instead of its author, use "Reply to All"
To unsubscribe: send "unsubscribe virtools-user-group" to Majordomo@lists.theswapmeet.com
To subscribe: send "subscribe virtools-user-group" to Majordomo@lists.theswapmeet.com
To post a message: send it to virtools-user-group@lists.theswapmeet.com
...............................................................
Follow-Ups:
References: