[openbeos] Re: OBOS Security

  • From: Isaac Yonemoto <ityonemo@xxxxxxxxxxxx>
  • To: Michael Phipps <mphipps1@xxxxxxxxxxxxxxxx>
  • Date: Thu, 8 Aug 2002 12:43:14 -0500 (CDT)

> BeOS allows you to send BMessages to any app.  That is how scripting
> other apps works. As MS has found out, allowing scripting also allows
> hacking. (i.e. VB mail viruses) Messages cannot be spoofed, but they
> don't have to be.

Right.  At least some sort of authentication method needs to be available
for BMessages.  While BWindows do not immediately offer the strong
vulnerabilities (through scripting) that MS's window messaging allows, a
cleverly written parasite could easily exploit a *particular* application,
especially if the source code for the application were
available.  (Though, I suspect it might be easy to exploit a BFilePanel
and delete files, or, worse, exploit Tracker, launch DiskProbe, and then
do whatever -- you get the picture).

We could start with having a uid attached to each message,
then perhaps having a "key" option, some sort of encrypted item, for those
developers who feel they should have "extra strong" security on their
messages.

Isaac
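
A receiver-side sketch of the two layers proposed above, added here as an illustration; it is not part of the original post and not BeOS/OpenBeOS API. All names (`Envelope`, `Policy`, `deliver`, `check`) are hypothetical, the uid is assumed to be stamped by the delivery layer rather than by the sender, and a shared secret compared in constant time stands in for the "key" option.

```cpp
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>

// Hypothetical envelope; these types are illustrative, not BeOS/OpenBeOS API.
struct Envelope {
    uint32_t sender_uid;  // stamped by the delivery layer, never trusted from the sender
    uint32_t what;        // command code
    std::string key;      // optional secret presented by the sender
};

// Per-handler policy chosen by the receiving application.
struct Policy {
    uint32_t owner_uid;                       // uid the receiver runs as
    std::optional<std::string> required_key;  // set only for "extra strong" handlers
};

enum class Verdict { Accept, RejectUid, RejectKey };

// Model of the trusted delivery step: overwrite whatever uid the sender wrote.
Envelope deliver(Envelope m, uint32_t real_sender_uid) {
    m.sender_uid = real_sender_uid;
    return m;
}

// Compare without an early exit so timing does not leak how much of the key matched.
bool constant_time_equal(const std::string& a, const std::string& b) {
    unsigned char diff = (a.size() == b.size()) ? 0 : 1;
    for (std::string::size_type i = 0; i < a.size() && i < b.size(); ++i)
        diff |= static_cast<unsigned char>(a[i] ^ b[i]);
    return diff == 0;
}

Verdict check(const Envelope& m, const Policy& p) {
    if (m.sender_uid != p.owner_uid) return Verdict::RejectUid;
    if (p.required_key && !constant_time_equal(m.key, *p.required_key))
        return Verdict::RejectKey;
    return Verdict::Accept;
}

int main() {
    Policy panel{1000, std::string("constructed-secret")};
    Envelope forged = deliver({1000, 1, ""}, 1001);  // constructed: claims 1000, runs as 1001
    Envelope peer = deliver({1000, 1, ""}, 1000);    // constructed: same uid, no key
    std::cout << (check(forged, panel) == Verdict::RejectUid) << ' '
              << (check(peer, panel) == Verdict::RejectKey) << '\n';
}
```

The uid check alone accepts any sender running under the same uid as the receiver; only the handler that sets `required_key` rejects such a sender.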

