List:       kde-core-devel
Subject:    Re: .desktop security changes are committed
From:       Michael Pyne <mpyne () purinchu ! net>
Date:       2009-02-23 1:58:45
Message-ID: 200902222058.48989.mpyne () purinchu ! net

On Sunday 22 February 2009, John Tapsell wrote:
> 2009/2/22 Michael Pyne <BALEETED>:
> > "This will start the program '%s'. If you are unsure of the origin, click
> > Cancel."
>
> Could you try to sanitize %s somewhat?  Strip out ' and "  characters,
> cut it to 10 or so characters etc.  Try to make it difficult for
> social engineering through the program name.

Sure, shouldn't be too hard.

Regards,
 - Michael Pyne
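
An added example, not part of the original message and not KDE's code: one way to apply the sanitization suggested above (strip `'` and `"`, cut to about 10 characters) before the name is substituted into the prompt. The function name `sanitizeProgramName`, the dropping of control characters, the UTF-8 code point counting and the trailing `...` marker are assumptions that go beyond what the email asks for.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper. Assumes `raw` is UTF-8 and that `maxChars` counts
// code points, so a multi-byte character is never cut in half.
std::string sanitizeProgramName(const std::string &raw, std::size_t maxChars = 10)
{
    std::string out;
    std::size_t kept = 0;
    for (std::size_t i = 0; i < raw.size();) {
        const unsigned char c = static_cast<unsigned char>(raw[i]);
        // Sequence length from the lead byte; 0 marks an invalid lead byte.
        const std::size_t len = c < 0x80 ? 1 : (c & 0xE0) == 0xC0 ? 2
                              : (c & 0xF0) == 0xE0 ? 3 : (c & 0xF8) == 0xF0 ? 4 : 0;
        bool valid = len != 0 && i + len <= raw.size();
        for (std::size_t k = 1; valid && k < len; ++k)
            valid = (static_cast<unsigned char>(raw[i + k]) & 0xC0) == 0x80;
        if (!valid) { ++i; continue; }               // drop stray byte, resync
        const bool quote = c == '\'' || c == '"';    // would close the '%s' quoting
        const bool control = c < 0x20 || c == 0x7F;  // \n, \r, \t: no extra dialog lines
        if (!quote && !control) {
            if (kept == maxChars) return out + "..."; // mark that the name was cut
            out.append(raw, i, len);
            ++kept;
        }
        i += len;
    }
    return out;
}

int main()
{
    // Constructed sample names, as they might appear in an untrusted .desktop file.
    const char *samples[] = {
        "konsole",
        "safe' (verified by KDE). '",
        "x\nClick OK to continue",
        "caf\xC3\xA9-\xC3\xA9" "diteur-long",
    };
    for (const char *s : samples)
        std::cout << '[' << sanitizeProgramName(s) << "]\n";
}
```
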
