Security

Within StrongED there are functions that can be used to run external code. These functions are very useful in integrating external utilities with StrongED but they also pose a potential security threat: it is theoretically possible to write malicious code and tie it to a function which is assigned to a key/menu/icon. When the key/menu/icon is used the malious code would then be executed. This could lead to all kinds of nasty things.

To prevent this from happening, a facility has been created that allows permissions to be set for such functions on a mode by mode basis. This is the ModeLock file. It controls the operations of all such functions in that mode.

By default, all permissions in this are set to 'A' (Ask user). If the permission for a particular function is set to 'A' and a function is invoked, then an error window will pop up. This window will give the user four options:

Allow always
This changes the ModeLock file's Run permission to Y so no question is asked in future.
Deny always
This changes the ModeLock file's Run permission to N so the action which called the function has no effect in future.
Alow action
This allows the action this time but leaves the ModeLock file unchanged so the question will be asked when th efunction is invoked again
Deny action
This denies the action this time and leaves the ModeLock file unchanged.
Once Allow always or Deny always have been selected, the only way to change that permission is to edit the ModeLock file by hand.

Other relevant pages

Top of page


Page Information

http://css.torrens.org/valid-html401-bluehttp://css.torrens.org/valid-css Document URI: http://stronged.torrens.org/man/security.html
Page first published Wednesday the 6th of June, 2018
Last modified:Wed, 06 Jun 2018 12:27:27 BST
© 2018 - 2018 Richard Torrens.