Thursday, September 14, 2006

Security?

Scriptman responded to my last post with the following questions:

O.K. point taken, but how do you overcome security issues such as passing "nasty" commands to the interpreter? (yes even Perl has them if scripts are not properly configured.)

This is a very good question. Our web BASIC uses a custom web server with the language engine built right into it. We are trying to be very security minded. We will sandbox each session to prevent improper access to files and to avoid server swamping, processes that fail to terminate, etc.

Another question I have is, will your Basic have a feature to "get" (sorry no pun intended) parameters such as the IP of the client ?Much like the Perl $ENV{REMOTE_ADDR}

We don't have this yet, but I see no reason why it cannot be made available.

No comments: