Thanks Kevin, looking forward to the security improvements. Lyn
On Feb 27, 2013, at 8:35 PM, Kevin Miller wrote: > This is a common problem with high level languages and has always been > present not only in our platform, but in many others throughout history. > We do have various ideas about how to further improve code security in the > commercial edition and look forward to implementing those during the > restructure. > > Kind regards, > > Kevin > > Kevin Miller ~ ke...@runrev.com ~ http://www.runrev.com/ > LiveCode: Everyone can code > > > > > On 27/02/2013 18:08, "Lyn Teyla" <lyn.te...@gmail.com> wrote: > >> Hi all, >> >> It has been 3 years since my post to this list urging RunRev to fix the >> serious security issue where the scripts of password protected stacks and >> standalone apps can be fully viewed via memory dumps. >> >> This is because password protected scripts remain unencrypted in memory >> after compilation. That's right, no password is needed, the code is right >> there in memory. >> >> The issue was also lodged via the LiveCode Quality Control Center (LQCC) >> as report #8672: >> >> http://quality.runrev.com/show_bug.cgi?id=8672 >> >> In September 2010, Mark Waddingham finally responded to the LQCC report, >> saying that the issue would be eliminated in 5.0 with the move to Unicode. >> >> He then marked the LQCC report as private. >> >> Alas, even after the move to Unicode, the issue remains unresolved. >> >> In September 2011, I requested for a RunRev response via the LQCC report, >> and received none. >> >> In August 2012, I once again requested for a response, and finally >> received a reply from "Your Quality Team", who said they did not have an >> expected target release for this fix yet. >> >> They then set the report to "Hibernating" mode, which sure doesn't sound >> good. >> >> It is now 2013. Post-KickStarter, RunRev will be implementing a revamp to >> LiveCode, while offering dual-licensing. >> >> Given that the main difference between the commercial version and the >> open source version is script security, this has become an issue of even >> greater importance. >> >> And yet, there has been no word about when this security issue will be >> fixed. >> >> The LQCC report remains "hibernated". >> >> So the question is, when exactly will this issue finally and actually be >> fixed? >> >> Also, if it still isn't fixed once dual-licensing is up and running, then >> what would be the point of releasing closed-source applications when the >> code is going to be right there in memory unencrypted, for thieves to >> steal? >> >> Does no one else think this is an important issue that needs to be >> addressed immediately? >> >> - Lyn >> >> >> >> >> _______________________________________________ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your >> subscription preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode > > > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
