[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-i18n-doc
Subject: Re: KGeography needs your help
From: Nicolas Goutte <nicolasg () snafu ! de>
Date: 2005-08-10 17:08:18
Message-ID: 200508101908.18130.nicolasg () snafu ! de
[Download RAW message or body]
On Wednesday 10 August 2005 05:51, Chusslove Illich wrote:
> > [: Nicolas Goutte :]
> > However it must be seen how easy it would be for an attacker to use
> > ways similar to code injection or cross-site scripting (so in short,
> > make the non-executed string executable nevertheless.)
>
> Ok, I am out of my imagination here :) But there is also other side to
> this. What I forgot to recall before, is that scripting engine is not
> called at all if the msgstr *doesn't contain a script*. And it is not
> likely that msgstrs with placeholders for error messages, or actually any
> arguments which are arbitrary user input, would need scripting -- what
> would you script for an argument you have no clue what it might be?
Yes that would be a good point.
>
> Again, as scripts would be rare, we could set up notifications for *any*
> commited scripted message and panic if arguments it gets are indeed
> arbitrary user input...
I am thinking about having a member function like arg where you would tell
that you do not trust it. (However I am not sure how usefull it would be.)
>
> > Well currently without scripting, there is hardly any harm that can be
> > done. If the user-given sting has any %1, may be the script will look
> > odd but that is all. May be the string from the user is very long, but
> > it is the responsability of the C++ code to disallow for example buffer
> > overflows.
>
> In the current solution I didn't implement interpretation of placeholder in
> scripts, because it didn't feel clean, and now you also give me a
> reason :)
That is why security must be discussed. It seems that your choice was wise
(...)
Have a nice day!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic