Security for calling newLISP.dll

Started by HPW, December 17, 2006, 06:58:22 AM

Previous topic - Next topic

HPW

The current discussion on calling newLISP.dll from it's standard installation folder, makes me thinking about security risks, coming from a potentialy modified newLISP.dll! (source and compiler are free available)



This let come the idea to my mind to hold a table of MD5-keys for each known newLISP.dll release. Then a user would be able to check the validity of a installed DLL and also detect the version before calling.



Would that work?



Then I would think about adding a MD5-check-command to my neobook-plugin.
Hans-Peter

newdep

#1
Yes that should work, just put the md5 or CRC on your website and

perhaps a tool so people can check..



You could also buildin your own check! befor calling the .dll just

do a check on the dll if its authentic. This could be anything, from

a smart small building function you made to a MD5 or crc check.





Norman.
-- (define? (Cornflakes))

HPW

#2
Just upload hpwNewLISP 2.18:



http://www.hpwsoft.de/anmeldung/html1/neobook/neobook14.html">http://www.hpwsoft.de/anmeldung/html1/n ... ook14.html">http://www.hpwsoft.de/anmeldung/html1/neobook/neobook14.html



Action: hpwNewLispMD5String - Calculate the MD5 hash of a string!

Action: hpwNewLispMD5File - Calculate the MD5 hash of a file!



Will allow to verify a original newLISP.dll
Hans-Peter