
World: r3wp

[Plugin-2] Browser Plugins

Volker
16-May-2006
[848]
I want both. Settings are in %user.r, by secure. And %user.r is modified 
by the panel. As it is currently with 'set-net and /desktop.
Pekr
16-May-2006
[849]
that starts to make things like plug-in impossible, if we go "let's 
use only browser networking" route ....
Volker
16-May-2006
[850]
No, browsers have an inbuilt firewall. Look for cross-site-scripting.
Pekr
16-May-2006
[851]
I do my own app, on purpose, and browser mailer pop-ups? Uh, that 
should be optional at least ....
Volker
16-May-2006
[852]
Flash does not work? You have full networking to your own server, 
what else do you need?
Pekr
16-May-2006
[853]
what if I dynamically build my-send function?
Volker
16-May-2006
[854x2]
Who receives your mail?
Url blocked -> no mail.
Pekr
16-May-2006
[856x2]
I am for domain restricting/sandboxing, not for features change, 
so that send would pop-up browser etc kind of things ... not sure 
it is manageable .... then reading http should use browser too?
Volker - probably misunderstanding, sorry ..
Volker
16-May-2006
[858x4]
And mail is critical IMHO. It's on account of the sender in the eyes 
of most people, even if one just fakes the from. If you can that 
from user's machine, you have even the right headers.
Ah, yes, misunderstanding.
The urls are blocked so you can not reach a "legit" mail-server so 
you can not 'send.
But sending mail is needed for feedback etc, it's stupid if it can 
not be done. So we need 'send, but not access to the network. So 
another app, which shows text, requests agreement. So, why not user's 
emailer?
Oldes
16-May-2006
[862x3]
browse "mailto:[oldes-:-somewhere-:-cz]"
I think, that the mini firewall is only possible solution, but I 
don't know, how difficult it will be to implement
But let the networking in, it's the best thing in Rebol. I'm using 
plugin only as a IRC. I really don't know if it can be compared with 
Flash so someone would make stupid banners in Rebol
Volker
16-May-2006
[865x2]
It's not the banner, it's somebody doing irc from your ip while showing 
you banners.
If you host the reblet from your irc-server, it's no problem. Else 
the user needs to bless you explicitly, like with noscript.
Oldes
16-May-2006
[867]
I think Josh should read some doc about Flash security: http://www.adobe.com/devnet/flash/articles/fplayer_security.html
Volker
16-May-2006
[868]
And hopefully that control-panel is more verbose than the current 
requester. And offers good information about the effects.
Oldes
16-May-2006
[869x2]
BTW. In the latest Flash versions, you can use ports lower than 1024 
(if you allow it) - It was not possible before.
http://www.adobe.com/devnet/flash/articles/fplayer8_security.html
Anton
16-May-2006
[871]
The plugin *needs* to be highly restricted by default. Please scroll 
up to the top of this group where BrianH and others made some fine 
points about security.
Pekr
16-May-2006
[872]
but system dialogs are half-way solutions - 1) they can't be translated 
2) they are ugly and do not copy design principles of your apps .... 
stating that - is there a secure way of how to overcome this? Could 
you provide your own UI and supply it for the internal security system? 
Probably not, as I could ask user completely different question :-(
Anton
16-May-2006
[873]
1) They can be translated.
2) They are a necessary evil.
Pekr
16-May-2006
[874]
I want ability to integrate into my app logic, not nasty looking 
UFO stuff ...
Volker
16-May-2006
[875]
I like that ugly and different. Tells me I am not working inside 
the app. Because inside the app, if it asks me "Do you like [x] please?" 
I click yes, whatever [x] is. It's in a sandbox, no?
Pekr
16-May-2006
[876]
haven't you meet yourself with requester, which asked for permission 
for file e.g., where path was cut-down? That is the same like no 
requester at all ...
Anton
16-May-2006
[877]
If I can't control the plugin, Petr, I am not going to install it. 
I'm not going to develop for it, because there will be no reason 
why anyone will trust it. Well, you will be able to do that. Perhaps 
in a separate version of the plugin which might come later.
Volker
16-May-2006
[878x2]
Yes, that is a bug.
I am not saying "windows message box".
Anton
16-May-2006
[880x2]
Heck, what kind of argument is that, Petr ?
Because current security dialog looks ugly, let's not have security 
in the upcoming plugin ?
  That doesn't make any sense.
Volker
16-May-2006
[882]
i am saying 
  call/input/output "rebol %trusted-requester.r" 

Where the call is hardwired like 'browse and can not be influenced 
by reblet.
Anton
16-May-2006
[883]
Let's stop this immature "oh we are going to lose abilities" paranoid 
attitude.
Pekr
16-May-2006
[884]
bad UI argument .... dunno how others do it, but I prefer to set 
my settings in control panel, not ending up with myriads of different 
requesters asking for myriads of permissions to which reaction of 
users I know a priori - they will hate this, possibly click yes or 
no no matter what and wonder why things eventually don't work ..... 
all I am asking for is security presented in sensible way, that is 
all ...
Anton
16-May-2006
[885x3]
I want to get over this stage really fast because it is starting 
to annoy me. I want to come to this group and read fresh material, 
not still stuck on these issues.
Fine - control panel. I like it too. That doesn't explain your attitudes 
above to various suggestions.
Let's get over it now, please.
Volker
16-May-2006
[888x4]
And also, such things should typically not be needed by apps. My 
usual need is for a link back to my server, and there are no restrictions.
Security is what kills or make a plugin IMHO, at least for small 
quality companies.
Regarding UI, I would always pop up the control-panel, not a yes/no-requester. 
Highlight the area which is currently interesting.
Something like the page-info in browsers, + checkboxes.
Pekr
16-May-2006
[892x2]
Volker - sounds good idea. The thing is - that control panel - is 
that rebol script/UI or some native stuff? And also - Java has icon 
in control panel, how such approach is solved eg. on OS-X, Linux - 
do they share similar concept of having control panel facility in 
OS?
reading back my replies - my apology to Anton and others - I was 
creating way too much unnecessary noise, sorry...
BrianH
16-May-2006
[894]
Why not go with my suggestion from before (scrolled off the history, 
I'm afraid)? Don't remove network, file access, etc. by default - 
instead, restrict it with secure and bring up a security requestor 
when the applet tries it? It should be up to the user to allow these 
plugins access anyways.
Pekr
16-May-2006
[895]
so far - I like Volker's suggestion most - extending secure:


That mini-firewall is in my secure-proposal:
  secure [net ask tcp://rebol.com allow].

Although securing ports would be nice too,
  secure [net ask tcp://rebol.com 80 8080 - 9090 allow].


I would just dare to add - it could be kept in all rebol versions, 
not just plug-in. Also - maybe (not sure), we could have option to 
"silence" (no-pop-up) the security - e.g. not bringing up pop-up, 
but e.g. secure/console secure/log or something like that, still 
of course to keep security tight ...
BrianH
16-May-2006
[896]
I'm pretty adamant about not allowing any file access by default 
without permission though. You don't want anonymous scripts to be 
able to store any data at all on your hard drive, outside of the 
browser's built-in storage (cache, cookies).
Pekr
16-May-2006
[897]
Brian - not even in plug-in sandbox?