The current discussion on calling newLISP.dll from it's standard installation folder, makes me thinking about security risks, coming from a potentialy modified newLISP.dll! (source and compiler are free available)
This let come the idea to my mind to hold a table of MD5-keys for each known newLISP.dll release. Then a user would be able to check the validity of a installed DLL and also detect the version before calling.
Would that work?
Then I would think about adding a MD5-check-command to my neobook-plugin.
Security for calling newLISP.dll
Security for calling newLISP.dll
Hans-Peter
Yes that should work, just put the md5 or CRC on your website and
perhaps a tool so people can check..
You could also buildin your own check! befor calling the .dll just
do a check on the dll if its authentic. This could be anything, from
a smart small building function you made to a MD5 or crc check.
Norman.
perhaps a tool so people can check..
You could also buildin your own check! befor calling the .dll just
do a check on the dll if its authentic. This could be anything, from
a smart small building function you made to a MD5 or crc check.
Norman.
-- (define? (Cornflakes))
Just upload hpwNewLISP 2.18:
http://www.hpwsoft.de/anmeldung/html1/n ... ook14.html
Action: hpwNewLispMD5String - Calculate the MD5 hash of a string!
Action: hpwNewLispMD5File - Calculate the MD5 hash of a file!
Will allow to verify a original newLISP.dll
http://www.hpwsoft.de/anmeldung/html1/n ... ook14.html
Action: hpwNewLispMD5String - Calculate the MD5 hash of a string!
Action: hpwNewLispMD5File - Calculate the MD5 hash of a file!
Will allow to verify a original newLISP.dll
Hans-Peter