Allowing relative file imports
Mike Parker
aldacron at gmail.com
Fri Mar 27 05:37:29 PDT 2009
Walter Bright wrote:
> Georg Wrede wrote:
>> I mean, how often do you see web sites where stuff is fed to a C
>> compiler and the resulting programs run????? (Yes it's too slow, but
>> that's hardly the point here.) That is simply not done.
>
> Consider the Java JVM. You've probably got one installed on your
> computer. It gets java code from gawd knows where (as the result of web
> browsing), it compiles it, and runs it on your machine unbeknownst to you.
The thing about the JVM, though, is that it runs in a sandbox. Try to
access the file system, or to change the display mode, from an applet or
WebStart-enabled app. It's not going to happen without the user granting
permission. And you know every time the JVM starts up, either from the
Sun logo displayed as the applet loads, the Java logo in the system
tray, or the WebStart dialog that asks permission to run the applet.
Java developers wanting to use the platform for games actually complain
that there's too much security (or, more accurately, that the security
dialogs are either too scary for the average user or ignored
completely). What's worse are the independently developed browser
plugins that allow untrusted executable binaries to run.
>
> .NET does that too.
>
> Every day my browser downloads javascript code, compiles it, and runs it.
>
> There's no reason in principle that D could not be used instead.
>
> This means that we should think about security issues. Compiling
> untrusted code should not result in an attack on your system.
>
> http://www.comeaucomputing.com lets you upload random C++ code, compile
> it on their system, and view the messages put out by their compiler.
> Suppose you did it with D, had it import some sensitive file, and put it
> out with a pragma msg statement?
More information about the Digitalmars-d
mailing list