Email Clients and digital signatures
Sat Jul 5 18:44:03 2003
-----BEGIN PGP SIGNED MESSAGE-----
Johan Wevers wrote:
| You, CL Gilbert, wrote:
|>What they are responsible for is making sure the scripts can do no harm.
|>~ In other words, that they run in a sandbox and have limited abilities.
| That would remove most of the thing scripts are legally used for (starting
| applications on an intranet).
I don't comprehend this. A script is not allowed to run local programs.
~ And certainly NOT automatically. Anything you start on your own is
your own fault. The only scripting I am aware of that is allowed is
page. like i said, its in a sandbox. the worse trick people have been
able to do is list your own files to you and act like they can see them
too when they can not.
|>~ Outlook is not supposed to automatically *run* arbitrary scripts. When
|>it does, thats an error.
| But the tight coupling of file extensions and how to start a file in
| makes it very likely even the smallest programming error results in such
| things. The problem I'm now getting is that windows virusscanners now
| protest against ANY file with a double extension, like X.txt.pgp. :-(
still disagree. that has nothing to do with outlook, and Linux even has
a fileroler or something that can start programs based on extensions.
Again, if you start the program yourself, all bets are off. they do not
start automatically. Thats why .bat,.exe,.pif are dangerous files and
should always be refused. That why the tricksters are sending .pif
files in zip packages (on a daily basis to me). Thats why they have
resorted to sending MS Office files with macros in them. You still have
to run them.
Free Java interface to Freechess.org
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
Pretty Good Privacy (PGP) http://web.mit.edu/network/pgp.html, windows
users should try that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----