[comp.sys.mac.hypercard] Hypercard security

vespa@ssyx.ucsc.edu (Adam Alexander Margulies) (04/30/88)

	I hate security, copy protection, and secrecy, but I couldn't help
playing with some of hypercard's "security" features.

	It is difficult to keep someone from going to another stack and
typing into the message box "edit script of stack XYZ". I found that

	on openStack
		set userlevel to 1
		-- ... (rest of handler)
	end openStack

nicely foils that (although I found that almost no "secure" stacks do
this. Through this method I have breached many a "secure" stack).

	Hypercard uses a lot of encryption (literally dozens of
different compression techniques, this is effective encryption)
so people cannot fedit your stack for passwords. To be truly secure
you must set the userlevel to 1 on openStack, intercept the
message box being opened, and stop blindtyping. Also putting a

	on idle
		hide menubar
	end idle

seems to be the best way of avoiding things like PopIt! from giving
access to the menubar, and it is easier than intercepting every 
menu item.

 	Anyone played with hypercard security and/or enjoy breaking
other people's security?


I said, type it NOW, Adam!  ||       ||Adam Margulies                         |
                          \ ||_   /| ||ARPA:   vespa@ucscb.ucsc.edu           |
                            ||\`o_O' ||BITNET: vespa@ucsci.BITNET             |
                            ||  ( )  ||UUCP: ...!ucbvax!ucscc!ssyx!vespa      |
----------------------------||--mU-m-||WEIRD:vespa%ssyx.ucsc.edu@RELAY.CS.NET |
|DISCLAIMER:                         ||ATT: (408)429-8868                     |
|       These are NOT my opinions. They are my dog's.                         |

ypay@portia.Stanford.EDU (daniel cory) (04/11/91)

I am working on a stack that will be used by a large number of people, some of
whom may be hypercard programmers. I cannot password protect it since I do want
other people to be able to use it. What code should I put into the scripts to
prevent the scripts and buttons and some of the data from being changed (This
stack works like a database - you can add a record and fill it out but may not
change old records)? Send me absolutely anything that may help prevent 
unauthorized access.

I will, of course, summarize the results and post them to the net if they are
sent to me, rather than the network.

Thanks,
Dan Cory

--
Dan Cory
If you look up through a eucalyptus tree, you see very few leaves.

mike@pyrite.SOM.CWRU.Edu (Michael Kerner) (04/12/91)

HA!  Right.  Security in anything below 2.0 is a joke.  If you are putting the
stack on an AppleShare server you could lock it and make sure none of your
users have write access to the directory.  That would make sure that no one
can change it.  The main problem is that if ANYONE gets write access, there is
a simple (relatively) way to get around the security, any security, but first
let me explain the effort I have gone through to protect our network front-end.

All the stacks intercept the doMenu message and usually veto requests, since
none of the users have any business in there (of course, since the highest
level I grant is typing - in the login stack, there are few options available).
The second thing I do is intercept the idle message and reset the settings to
cantModify and userLevel = 2.  That way if someone is fairly intelligent and
has done what I would try then they have to exert a lot more effort to get
there.

I'm not going to post how to get around the double-dipper, although most of you
(I'm sure) know how.  For those who may be interested, I'll EMAIL it.

Later,
Mikey.
Mac Admin
WSOM CSG
CWRU
mike@pyrite.som.cwru.edu
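
Added example, not part of the original posts: a HyperTalk stack script that combines the measures described in this thread (userLevel and cantModify re-asserted on idle, the menubar hidden on idle, doMenu requests vetoed by default). The helper name lockDown and the list of allowed menu items are assumptions made for illustration.

```hypertalk
-- Stack script (added sketch; not the posters' own code)

on openStack
  lockDown
  pass openStack
end openStack

on idle
  -- Re-assert the settings on every idle so a changed value does not persist
  lockDown
  pass idle
end idle

on lockDown  -- hypothetical helper name
  -- userLevel 2 (typing) follows the last post; the first post uses 1 (browsing)
  if the userLevel is not 2 then set the userLevel to 2
  if the cantModify of this stack is false then
    set the cantModify of this stack to true
  end if
  hide menuBar
end lockDown

on doMenu theItem
  -- Allow-list: pass only the items users need (assumed list, adjust per stack)
  if theItem is "Quit HyperCard" or theItem is "Next" or theItem is "Prev" then
    pass doMenu
  end if
  -- Falling through without "pass" discards every other menu request
end doMenu
```

As the last post points out, handlers like these only raise the effort required; keeping the stack file locked on the server, with no user holding write access, is what prevents changes.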