[prev in list] [next in list] [prev in thread] [next in thread] 

List:       koffice-devel
Subject:    Re: Draft template for registration of KOffice mimetypes (last call)
From:       Werner Trobin <trobin () kde ! org>
Date:       2002-05-20 13:01:54
[Download RAW message or body]

On Monday 20 May 2002 14:37, Marc Mutz wrote:

::snip::

> Security considerations:
> 
>         As of this writing, KApp documents do not contain any active
>         content. As such, it is believed that usage of this mimetype
>         does not introduce security concerns other than those already
>         inherent in ZIP archives, XML files and supported image files.
> 
>         It is expected that later versions of KApp feature scripting
>         and macro recording facilities. It is, however, not intended
>         to include these active content into the KApp document itself.
> 
>         KApp documents include document metadata such as the name of
>         the author, etc. However, none of this data is written
>         automatically.

Hmm, it is written automatically, in a way. We simply get the KDE wide default 
settings and unless they're explicitly changed by the author of the document 
we write that information out. In 99% of all cases this will be Name + EMail 
address.

> The KApp user has full control over what
>         metadata is to be included and must actively request the
>         inclusion. As such, the use of this mimetype does not lead to
>         hidden leaking of possibly sensitive data.

Not sure about that. A paranoid security guru would disagree here.

Ciao,
Werner

P.S. Thanks for taking care of the registration process.
_______________________________________________
koffice-devel mailing list
koffice-devel@mail.kde.org
http://mail.kde.org/mailman/listinfo/koffice-devel
[prev in list] [next in list] [prev in thread] [next in thread]