Email Clients and digital signatures
CL Gilbert
Lamont_Gilbert@RigidSoftware.com
Sat Jul 5 18:44:03 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Johan Wevers wrote:
| You, CL Gilbert, wrote:
|
|
|>What they are responsible for is making sure the scripts can do no harm.
|>~ In other words, that they run in a sandbox and have limited abilities.
|
|
| That would remove most of the thing scripts are legally used for (starting
| applications on an intranet).
|
I don't comprehend this. A script is not allowed to run local programs.
~ And certainly NOT automatically. Anything you start on your own is
your own fault. The only scripting I am aware of that is allowed is
javascript or vbscript, and its just as limited as if it were on a web
page. like i said, its in a sandbox. the worse trick people have been
able to do is list your own files to you and act like they can see them
too when they can not.
|
|>~ Outlook is not supposed to automatically *run* arbitrary scripts. When
|>it does, thats an error.
|
|
| But the tight coupling of file extensions and how to start a file in
windows
| makes it very likely even the smallest programming error results in such
| things. The problem I'm now getting is that windows virusscanners now
| protest against ANY file with a double extension, like X.txt.pgp. :-(
|
still disagree. that has nothing to do with outlook, and Linux even has
a fileroler or something that can start programs based on extensions.
Again, if you start the program yourself, all bets are off. they do not
start automatically. Thats why .bat,.exe,.pif are dangerous files and
should always be refused. That why the tricksters are sending .pif
files in zip packages (on a daily basis to me). Thats why they have
resorted to sending MS Office files with macros in them. You still have
to run them.
- --
Thank you,
CL Gilbert
Free Java interface to Freechess.org
http://www.rigidsoftware.com/Chess/chess.html
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
Pretty Good Privacy (PGP) http://web.mit.edu/network/pgp.html, windows
users should try that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/BwChVbJM14DSCi0RAtSqAKDwl8480PY7fgH+h0dEE9A4RdmLmQCeJV3p
sn4yYjs0cwSGy/y9/viUAvw=
=vDsE
-----END PGP SIGNATURE-----