[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: KDE Scripting Interface [2nd Try]
From: Ellis Whitehead <kde () ellisw ! net>
Date: 2001-07-20 5:02:17
[Download RAW message or body]
> > If thereīs any GUI program executing scripts, the security should be
> > built in that scripting engine. Not in DCOP, thatīs the point IMO.
>
> Yes and no. If you want to allow the ability to use DCOP from the script,
> the security should be extended to DCOP.
IMHO, this would be the only good reason for having security with DCOP. But
I don't think that allowing direct dcop access from something like a kword
script is a good idea in the first place.
If one is to be able to write complex scripts in kword/kspead/whatever, some
kind of limited dcop access would add a lot of power. But there are definite
negatives to allowing this which have already been mentioned -- the most
important IMO being the inevitability of worms which take advantage of
inevitable security holes.
Because of this my vote goes against giving a user direct access to dcop
via embedded scripts. And if there aren't embedded scripts doing arbitrary
dcop calls, then there's no need for dcop security.
Regards,
Ellis
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic