[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: KDE Scripting Interface [2nd Try]
From:       Ellis Whitehead <kde () ellisw ! net>
Date:       2001-07-20 5:02:17
[Download RAW message or body]

> > If thereīs any GUI program executing scripts, the security should be
> > built in that scripting engine. Not in DCOP, thatīs the point IMO.
>
> Yes and no. If you want to allow the ability to use DCOP from the script,
> the security should be extended to DCOP.

IMHO, this would be the only good reason for having security with DCOP.  But 
I don't think that allowing direct dcop access from something like a kword 
script is a good idea in the first place.

If one is to be able to write complex scripts in kword/kspead/whatever, some 
kind of limited dcop access would add a lot of power.  But there are definite 
negatives to allowing this which have already been mentioned -- the most 
important IMO being the inevitability of worms which take advantage of 
inevitable security holes.

Because of this my vote goes against giving a user direct access to dcop 
via embedded scripts.  And if there aren't embedded scripts doing arbitrary 
dcop calls, then there's no need for dcop security.

Regards,
Ellis

[prev in list] [next in list] [prev in thread] [next in thread]