|
From: Matthew C. <je...@gm...> - 2012-10-14 11:54:28
|
Hi Hannes, Right now script updates are locked down by IP address, so at this point no one can update the three scripts I put on unless they spoof my ip. I realize this may lock some out of their own scripts if ip changes, I plan to add an auth system to this and let user store a usrname/key to pass to server to validate their script edit access. I'll probably include a rating system and vote to remove system also. Thanks, Matt Sent from my Palm Pre on AT&T On Oct 14, 2012 3:59, Hannes Schüller <ha...@yl...> wrote: Hello Matthew, this sounds great and I think it would be very useful if you could document all of this in the wiki as well so that people not on the mailing list can discover about it as well. Personally, I'm a bit worried about this, though: > If you want to add a script to the server, just use: > > ./ahungry_scripter.sh push ./yourscript.js > > and it'll be merged into the tar.gz within the next minute. So if I push some malicious script, it will be merged into the 'repo' automatically. OK, you could argue that people should check the code before using the script, fair enough. How is versioning handled, though. I.e. what if I (being an evil attacker) push a file with the same name you're using for your popular script? Will it then be overwritten and distributed to all the happy users of your script? Hannes ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Vimprobable-users mailing list Vim...@li... https://lists.sourceforge.net/lists/listinfo/vimprobable-users |
