secureFolder

FourthWorld · Post by **FourthWorld** » Thu Sep 05, 2013 6:35 pm

Many years ago I suggested a secureFolder feature as a compliment to secureMode, providing single directory where files can be written and read from, and downloaded stacks could be stored:
http://quality.runrev.com/show_bug.cgi?id=867

Over the years I've been tempted to mark that as "Closed" simply because it seemed to address too rare of a use case to be worthwhile.

But a recent discussion with Richard Herz in this thread changed my mind:
http://forums.runrev.com/viewtopic.php?f=6&t=15252

Richard made Reactor Lab, a standalone that delivers any number of chemical reaction simulators as stacks over HTTP:
http://livecodejournal.com/features/reactorlab.html

Other schools have found it useful, and would like to share simulation stacks, which led to he and I discussing security strategies.

The bottom line is that secureMode is a great solution, allowing one to exchange stacks over the wire, and even if they contain malware they can't harm the system. There are apparently a couple bugs right now with how secureMode interacts with libURL (see http://quality.runrev.com/show_bug.cgi?id=11114 ), but by and large it's a great solution for security, making LC standalones more secure than almost any browser could be.

But this comes at a cost: no local caching, so everything not included in the standalone itself needs to be downloaded with every session, whether it's changed or not.

The secureFolder request is one possible solution for this, allowing a single directory to be specified, with the conditions that the directory be in user space and be limited in the size of its contents so it can't fill the hard drive.

With both secureMode (fixed, of course) and secureFolder, here's the vision of what could become possible:

Schools around the world can create and share courseware, simulations, quizes, evaluation tools, and more. Each school could have its own repository, and they could choose to share their repositories with others, so the combinatorial effect would be a global explosion of learning materials available everywhere in the connected world.

With the addition of secureFolder, the value of such repositories grows dramatically because it reduces bandwidth needs, allowing even schools in remote locations with modest connection speeds to make optimal use of such materials.

So my question here is two-fold:

1. How would secureFolder need to be implemented to provide the sort of security we're looking for?

2. How difficult would it be to implement it?

Thanks for considering this.