[516] in WWW Security List Archive
Re: Web Scripting Languages (was: Re: two-way communication in html)
daemon@ATHENA.MIT.EDU (J. Eric Townsend)
Tue Mar 7 21:20:35 1995
Date: Tue, 7 Mar 95 13:23:21 -0800
From: jet@abulafia.genmagic.com (J. Eric Townsend)
To: riddle@is.rice.edu (Prentiss Riddle),
FisherM@is3.indy.tce.com (Fisher Mark), hallam@dxal18.cern.ch,
www-security@ns2.rutgers.edu
In-Reply-To: <9503071511.AA05617@is.rice.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Not speaking as an official General Magic representative and whatnot..
Also, I'm not a telescript hacker, I'm a unix systems hacker. I know
the telescript hackers, tho. :-)
"riddle" == Prentiss Riddle <riddle@is.rice.edu> writes:
riddle> Another base worth looking at, if only for comparative
riddle> purposes, would be General Magic's Telescript. I haven't been
riddle> able to find any technical descriptions of Telescript, but it
There aren't any out just yet. There will be, else General Magic
might go under eventually due to competition from open standards.
Telescript does have a lot of "safety" stuff built into it, from what
I understand. RSA technology is used for certification, other algos
for encryption, etc etc.
Keep an eye on http://www.genmagic.com
riddle> However, the assumption that it is possible to create a safe
riddle> interpreted environment for intelligent agents troubles me.
as it does some magicians.
riddle> The issue is not just one of prohibiting agents from making
riddle> arbitrary system calls.
it helps to not *have* to run the interpreter as root.
riddle> Isn't it the case that any
riddle> non-trivial application requires access to data which are in
riddle> some way sensitive, and that sensitive data by definition
riddle> would be vulnerable to misuse by a malicious agent?
Maybe. If you have a true database with decent security handling the
data and a certification based engine accessing the db it helps.
I think most people on this list would not be teribly surprised at the
overall architecture of the telescript platform. There's nothing
terribly innovative at the fundamental level. The implementation is
another matter entirely.
Again, not speaking officially for General Magic,
--
J. Eric Townsend vox #: USA 408.774.4252
work: jet@genmagic.com AT&T PersonaLink: A5803643645@attpls.net
play: jet@well.sf.ca.us or get my card from directory information
