Jump to content

I found a security hole in the compiler


Guest
 Share

Recommended Posts

Jeez op just modify the 'AutoIt Error' and 'unable to open the script' references that are stored in the STRINGTABLE resources of the interpreter if you are really that concerned.

Security hole, what a joke.

 

i was not aware of this option, can you please elaborate on how this is done? thanks

Signature - my forum contributions:

Spoiler

UDF:

LFN - support for long file names (over 260 characters)

InputImpose - impose valid characters in an input control

TimeConvert - convert UTC to/from local time and/or reformat the string representation

AMF - accept multiple files from Windows Explorer context menu

DateDuration -  literal description of the difference between given dates

Apps:

Touch - set the "modified" timestamp of a file to current time

Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes

SPDiff - Single-Pane Text Diff

 

Link to comment
Share on other sites

If the error message were to appear to come from user script name, It would be less than accurate.

I have no strong opinions about it really,  but I have not seen a single reason I would consider valid to make such a change.

Also think about this, if autoit interpreter cannot open user script, how exactly would it know the title of it?

.

it could be a suggestion to use AutoItWrapper directives to create a customized error message. if you do not use the directive, it stays default.

E.

and i repeat, i don't think it's a security hole, i am not paranoid or concerned, it is just a feature suggestion. and i agree that the op is a joke, but not this suggestion

Edited by Edano

[color=rgb(255,0,0);][font="'comic sans ms', cursive;"]FukuLeaks[/color][/font]

Link to comment
Share on other sites

 

 

au3 script has no "title", the intention is to use the exe file name.

 

 

reason 1: so the user knows from which application the error message is coming. if you have several exe's running, then providing the exe name is a good start for troubleshooting. and even more so if you have several compiled AutoIt exe's running.

reason 2: although this is far from being AutoIt fault, or relevant in anyway, and happily in decrease, the name resembles the autoit worm which swarmed the web few years back. you don't want to scare your users, do you?

Reason 1: your script would not be running, this was the whole point of the thread it errors out when you try to start it.

Reason 2: if your users are tampering with the compiled script, why care?

It's already been pointed out that critical errors due to bad code can be handled, by a few people, including myself, I still don't see valid reason for anything else.

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Link to comment
Share on other sites

What is the need?

.

what is the need of having a user chosen default icon ? nevertheless it was implied at some point.

 

Edit: it's simply nice.

Edited by Edano

[color=rgb(255,0,0);][font="'comic sans ms', cursive;"]FukuLeaks[/color][/font]

Link to comment
Share on other sites

@JohnOne, i agree critical errors can and should be treated inside the code. we all strive for robust code, but things do get overlooked, and hardware issues may also cripple the script. also, the error may occur anytime while the script is running, not necessarily at start. still my point is it's friendlier that such msgbox's carry the script exe name rather then the generic "AutoIt" title. and if it's editable as Mobius suggested, then that's fine.

Signature - my forum contributions:

Spoiler

UDF:

LFN - support for long file names (over 260 characters)

InputImpose - impose valid characters in an input control

TimeConvert - convert UTC to/from local time and/or reformat the string representation

AMF - accept multiple files from Windows Explorer context menu

DateDuration -  literal description of the difference between given dates

Apps:

Touch - set the "modified" timestamp of a file to current time

Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes

SPDiff - Single-Pane Text Diff

 

Link to comment
Share on other sites

Say your exe was named "SuperSecret.exe"

SuperSecret cannot open SuperSecret ?

John, that's not even a good reason. The reason this doesn't need to be done is simply the fact that there is no decent reason for it to be. If it was that good of an idea, Valik/trancexx would've made this happen when they had the chance.

Link to comment
Share on other sites

@JohnOne, i agree critical errors can and should be treated inside the code. we all strive for robust code, but things do get overlooked, and hardware issues may also cripple the script. also, the error may occur anytime while the script is running, not necessarily at start. still my point is it's friendlier that such msgbox's carry the script exe name rather then the generic "AutoIt" title. and if it's editable as Mobius suggested, then that's fine.

I am only talking about the thread first post.

Once again other unforseen runtime critical errors can be handles in the way you want 

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Link to comment
Share on other sites

John, that's not even a good reason. The reason this doesn't need to be done is simply the fact that there is no decent reason for it to be. If it was that good of an idea, Valik/trancexx would've made this happen when they had the chance.

 

@ James, are you implying that "normal" users can not suggest new ideas? i'm not sure if i should be insulted or flattered  ;)

Signature - my forum contributions:

Spoiler

UDF:

LFN - support for long file names (over 260 characters)

InputImpose - impose valid characters in an input control

TimeConvert - convert UTC to/from local time and/or reformat the string representation

AMF - accept multiple files from Windows Explorer context menu

DateDuration -  literal description of the difference between given dates

Apps:

Touch - set the "modified" timestamp of a file to current time

Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes

SPDiff - Single-Pane Text Diff

 

Link to comment
Share on other sites

  • Developers

reed for example Edano posts.

But maybe that's not a problem ..

Anyway, i do not really care about it.

If you don't care then stop posting about it.

*Click*

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...