Security consideration
-
This is an issue for any executable (and many non-executable) downloads on the internet, and is precisely the reason we do not allow downloads that do not contain source code. I've also see anti-virus software complain about demo downloads from CodeProject - not because the code contained a trojan, but because a trojan contained the code!
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
...and the dog merrily chases his tail.
Christopher Duncan
www.PracticalUSA.com
Author of The Career Programmer and Unite the Tribes
Copywriting Services -
If someone were to ever try this, I bet the next CP contest would be to develop a botnet that would bury this guy so deep that the next three generations of his family wouldn't even be able to use a computer for as much as googling "When is this going to end?"
Brad Deja Moo - When you feel like you've heard the same bull before.
:laugh: :laugh: :thumbsup:
Regards. -------- M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpfull answers is nice, but saying thanks can be even nicer.
-
It's not my choice. For the one laptop that is under my control we have an exclusive contract to use Endpoint. The others were home users.
John
-
digital man wrote:
Maybe demos should be banned (how would that work?)
By only having demos that are built by a trusted third party. A lot of work for the hamsters, though.
I wanna be a eunuchs developer! Pass me a bread knife!
Ah, bit like Escrow, perhaps? Not bad: I suppose it could be a paid service that would earn CP some more gazillions and would certainly weed out some of the more, how can I put it... not terribly well thought out articles.
Tychotics: take us back to the moon "Life, for ever dying to be born afresh, for ever young and eager, will presently stand upon this earth as upon a footstool, and stretch out its realm amidst the stars." H. G. Wells
-
A user of Code Project would (presumably) be presumed to be a developer. If you're reading an article, then you should at least be able to understand the content of the article and at least be at a level with the language it's in that you understand the demo you're about to download. I don't run code before reading through it and at least understanding where it's going, even if I don't understand all the concepts present. I also know enough networking code to spot it. If I try and build it and it doesn't work, I'll invariably delete it and mark the rating of the article one lower than I would have had the demo code worked as described by the article. I don't think it's a security risk, and I'm pretty sure a report of an article that had malicious content would be treated seriously and quickly by the admins on the site.
hammerstein05 wrote:
I don't think it's a security risk, and I'm pretty sure a report of an article that had malicious content would be treated seriously and quickly by the admins on the site.
What if you were the first to review the code?
John
-
It's not my choice. For the one laptop that is under my control we have an exclusive contract to use Endpoint. The others were home users.
John
-
hammerstein05 wrote:
I don't think it's a security risk, and I'm pretty sure a report of an article that had malicious content would be treated seriously and quickly by the admins on the site.
What if you were the first to review the code?
John
I was thinking more of a user reading the code and deeming the content to be malicious, than them actually running the content.If you were the first to read and you ran it without checking, then, whoops.