Smalltalk Cincom VisualWorks

Security hole in fields???

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Dennis smith-4
Reply | Threaded
Open this post in threaded view
|

Security hole in fields???

Dennis smith-4
If I put the following in a field
     XXuiClass open
where XXuiClass is some class with a UI

select it and press "Ctrl+Q"  it executes.

 From this I can do just about anything!!??

Is not a bit of a problem??

--
Dennis Smith                         +1 416.798.7948
Cherniak Software Development Corporation   Fax: +1 416.798.0948
509-2001 Sheppard Avenue East        [hidden email]
Toronto, ON M2J 4Z8              sip:[hidden email]
Canada         http://www.CherniakSoftware.com
Entrance off Yorkland Blvd south of Sheppard Ave east of the DVP

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Alan Knight-2
Reply | Threaded
Open this post in threaded view
|

Re: Security hole in fields???

Alan Knight-2
I don't think anyone ever replied to this, but yes, that's an issue, and should be addressed by AR 48502, currently in the integration queue.


[hidden email]
20 July, 2011 5:07 PM


If I put the following in a field
XXuiClass open
where XXuiClass is some class with a UI

select it and press "Ctrl+Q" it executes.

From this I can do just about anything!!??

Is not a bit of a problem??


_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Dennis smith-4
Reply | Threaded
Open this post in threaded view
|

Re: Security hole in fields???

Dennis smith-4
Thanks alan -- I put in my own fix for now

On 30/08/2011 4:01 PM, Alan Knight wrote:
I don't think anyone ever replied to this, but yes, that's an issue, and should be addressed by AR 48502, currently in the integration queue.


[hidden email]
20 July, 2011 5:07 PM


If I put the following in a field
XXuiClass open
where XXuiClass is some class with a UI

select it and press "Ctrl+Q" it executes.

From this I can do just about anything!!??

Is not a bit of a problem??


_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc


-- 
Dennis Smith                 		         +1 416.798.7948
Cherniak Software Development Corporation   Fax: +1 416.798.0948
509-2001 Sheppard Avenue East        [hidden email]
Toronto, ON M2J 4Z8              [hidden email]
Canada			         http://www.CherniakSoftware.com
Entrance off Yorkland Blvd south of Sheppard Ave east of the DVP

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Free forum by Nabble Edit this page