[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: DCOP question
From: Simon Josefsson <jas () pdc ! kth ! se>
Date: 1999-11-17 22:10:59
[Download RAW message or body]
pbrown@redhat.com writes:
> > Also, imho temporary application specific files should not be stored
> > in users home directories but instead in /tmp or similar, and care
> > should be taken so that it can't be exploited somehow. IMHO.
>
> Um, X has done this since the dawn of time and nobody seems to be
> complaining about a broken X set up. Or am I wrong?
We use AFS and putting .Xauthority in home directories doesn't work
very well (ie when your tokens expire you can't open a xterm to
authenticate yourself), I believe most AFS/NFS/DFS/Coda/whatever sites
change the xdm-scripts not to put cookies in people's home directory
since it causes trouble.
Wrt to .Xauthority security is also a concern -- NFS/AFS aren't (by
default) encrypted, by sniffing the network you could get access to
peoples screens/keyboards. I'm not sure if this is an issue with
DCOPserver, but .dcop* are only readable by the owner which might
indicate this.
All of this are issues in systems that depend on network filesystem to
a great deal, instead of having single-user local-disk workstations.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic