newlispfanclub.alh.net

Friends and Fans of newLISP
http://www.newlispfanclub.alh.net/forum/

Security for calling newLISP.dll

http://www.newlispfanclub.alh.net/forum/viewtopic.php?f=9&t=1503

Page 1 of 1

Security for calling newLISP.dll

Posted: Sun Dec 17, 2006 2:58 pm
by HPW
The current discussion on calling newLISP.dll from it's standard installation folder, makes me thinking about security risks, coming from a potentialy modified newLISP.dll! (source and compiler are free available)

This let come the idea to my mind to hold a table of MD5-keys for each known newLISP.dll release. Then a user would be able to check the validity of a installed DLL and also detect the version before calling.

Would that work?

Then I would think about adding a MD5-check-command to my neobook-plugin.

Posted: Sun Dec 17, 2006 5:10 pm
by newdep
Yes that should work, just put the md5 or CRC on your website and
perhaps a tool so people can check..

You could also buildin your own check! befor calling the .dll just
do a check on the dll if its authentic. This could be anything, from
a smart small building function you made to a MD5 or crc check.


Norman.

Posted: Sat Dec 23, 2006 7:28 pm
by HPW
Just upload hpwNewLISP 2.18:

http://www.hpwsoft.de/anmeldung/html1/n ... ook14.html

Action: hpwNewLispMD5String - Calculate the MD5 hash of a string!
Action: hpwNewLispMD5File - Calculate the MD5 hash of a file!

Will allow to verify a original newLISP.dll
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited