Asp Forum - Security within a ruby interpreter

dwerder

4/12/2005 8:47:00 PM

Hello!

I'd like to write a lib which objects can only be used if the caller
has authenticated using username and password for example, sth like
that:

a = MyObject.new 'username', 'password' # returns instance is pass is
correct
a.doSpecialThings

I can assure that the source files can't be changed by setting file
permissions properly.
But how can I be sure that nobody can alter the class at runtime?
Is it sufficient to load potentially dangerous code with load('file',
true) ?

How can I prevent an attacker from reading the source where the
credentials must be stored somewhere? If ruby can read the source,
File.open can too, doesn't it?

Maybe it's not a good idea at all...

thank you for thinking about this :-)
Dominik

Servizio di avviso nuovi messaggi

Ricevi direttamente nella tua mail i nuovi messaggi per
Security within a ruby interpreter

Inserendo la tua e-mail nella casella sotto, riceverai un avviso tramite posta elettronica ogni volta che il motore di ricerca troverà un nuovo messaggio per te

Il servizio è completamente GRATUITO!

comp.lang.ruby

Security within a ruby interpreter

dwerder

x Login to ForumsZone