[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: KDE Scripting Interface [2nd Try]
From: Thomas Zander <zander () planescape ! com>
Date: 2001-07-20 6:19:52
[Download RAW message or body]
On Fri, Jul 20, 2001 at 01:02:17AM -0400, Ellis Whitehead wrote:
> Because of this my vote goes against giving a user direct access to dcop
> via embedded scripts. And if there aren't embedded scripts doing arbitrary
> dcop calls, then there's no need for dcop security.
Hmm, I think you pointed out the difference in perspective people have been
having.
I personally have never thought that a dcop call could be made by user code
from any application. (except from a shell or koscript or similar)
So a user script in kword means that the external interpreter is started and
it starts talking to kword via dcop.
Does anyone think the model I described here is wrong? Because this model
will certainly be available for worms, and with full user-rights.
Adding another more secure model will not make this one any less secure.
I think this is excactly what Martin has been saying.
--
Thomas Zander zander@earthling.net
The only thing worse than failure is the fear of trying something new
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic