[prev in list] [next in list] [prev in thread] [next in thread]
List: koffice-devel
Subject: Re: Draft template for registration of KOffice mimetypes (last call)
From: Werner Trobin <trobin () kde ! org>
Date: 2002-05-20 13:01:54
[Download RAW message or body]
On Monday 20 May 2002 14:37, Marc Mutz wrote:
::snip::
> Security considerations:
>
> As of this writing, KApp documents do not contain any active
> content. As such, it is believed that usage of this mimetype
> does not introduce security concerns other than those already
> inherent in ZIP archives, XML files and supported image files.
>
> It is expected that later versions of KApp feature scripting
> and macro recording facilities. It is, however, not intended
> to include these active content into the KApp document itself.
>
> KApp documents include document metadata such as the name of
> the author, etc. However, none of this data is written
> automatically.
Hmm, it is written automatically, in a way. We simply get the KDE wide default
settings and unless they're explicitly changed by the author of the document
we write that information out. In 99% of all cases this will be Name + EMail
address.
> The KApp user has full control over what
> metadata is to be included and must actively request the
> inclusion. As such, the use of this mimetype does not lead to
> hidden leaking of possibly sensitive data.
Not sure about that. A paranoid security guru would disagree here.
Ciao,
Werner
P.S. Thanks for taking care of the registration process.
_______________________________________________
koffice-devel mailing list
koffice-devel@mail.kde.org
http://mail.kde.org/mailman/listinfo/koffice-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic