It depends highly on who you have shared your Dropbox with. If you
are playing a game with random people picked up off the internet then
sure, I would be VERY paranoid about executing anything that went into
that shared file. That said, Dropbox stores a complete history of
every version change for every file it holds. If you are worried
about the people you are playing with, just check that the .JAR hasn't
been altered since the last time you launched the game every time you
play. That way you know it hasn't been compromised.

Personally, I play over Dropbox with people I know in real life so I'm
as confident with this method of play as I would be in receiving a USB
stick from them with files on.

Also, JARs are pretty limited in their scope; they have write access
but unless you are running the JVM as a privileged user it shouldn't
have the capacity to do anything nasty to the system.

Like everything on the internet, it's a risk but I don't see it as a
big one. Worst case scenario is that Dropbox itself gets hacked, but
running Rails from within a Dropbox isn't going to make that situation
any worse than it already would be!

Phil

2010/1/19 Jim Black <ji...@ko...>:
>
> Guys-
>
> Running Rails directly from a shared dropbox isn't a 'slight' security risk- it's a huge security risk.
>
> This is the classic 'trojan horse' scenario, where people run something they think they trust- and it might be something completely different, or a virus-impregnated version of the original.
>
> When I run Rails, it has full access to read/write files on my local disk. I need to trust Rails, essentially- I only do, because I get it myself from the sourceforge download page. Otherwise I'd have no basis to trust the program at all.
>
> Most certainly, there will be some bad-apples/hackers in the online game community- you really don't want to run any programs this cavalierly.
>
> just my two cents.
>
> - jim
>
> _______________________________________________
> Rails-devel mailing list
> Rai...@li...
> https://lists.sourceforge.net/lists/listinfo/rails-devel
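
The check Phil describes (confirm the .JAR has not changed since the last launch), as an added example that is not part of the original thread: it records a SHA-256 digest on first use and compares it before every later launch. The file names and the pin-store location are assumptions; the pin file is kept outside the shared folder so that someone who can replace the JAR cannot also replace the recorded digest.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file so a large JAR is not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_before_launch(jar: Path, pin_file: Path) -> str:
    """Return 'pinned' (first run), 'unchanged' or 'changed'.
    pin_file must live outside the shared folder; otherwise anyone who can
    replace the JAR can replace the recorded digest as well.
    """
    pins = json.loads(pin_file.read_text()) if pin_file.exists() else {}
    current = sha256_of(jar)
    known = pins.get(jar.name)
    if known is None:
        pins[jar.name] = current
        pin_file.write_text(json.dumps(pins, indent=2))
        return "pinned"
    # A mismatch is never auto-accepted: the old pin stays until a person re-pins.
    return "unchanged" if known == current else "changed"


def demo() -> list:
    """Constructed sample: a stand-in file plays the role of the shared JAR."""
    with tempfile.TemporaryDirectory() as tmp:
        shared = Path(tmp, "shared")
        local = Path(tmp, "local")
        shared.mkdir()
        local.mkdir()
        jar = shared / "game.jar"        # hypothetical file name
        pin = local / "jar-pins.json"    # hypothetical local pin store
        jar.write_bytes(b"PK\x03\x04 original build")
        results = [check_before_launch(jar, pin), check_before_launch(jar, pin)]
        jar.write_bytes(b"PK\x03\x04 original build + extra class")
        results += [check_before_launch(jar, pin), check_before_launch(jar, pin)]
        return results


if __name__ == "__main__":
    print(demo())
```

A "changed" result only says the bytes differ from what was pinned; whether the new version is a legitimate update still has to be confirmed with whoever changed it.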