[prev in list] [next in list] [prev in thread] [next in thread]
List: koffice-devel
Subject: Re: Linux Format: KSpread "disaster area"
From: Gary Cramblitt <garycramblitt () comcast ! net>
Date: 2006-01-14 17:11:50
Message-ID: 200601141211.50783.garycramblitt () comcast ! net
[Download RAW message or body]
On Saturday 14 January 2006 11:42, Martin Ellis wrote:
> On Saturday 14 January 2006 16:36, Gary Cramblitt wrote:
> > Personally, I prefer not to taint my system with a JVM and worry about
> > security risks.
>
> Is there any reason a Java VM is likely to have any more security problems
> than any other interpreter/VM?
>
> Or are you talking about scripting in general?
I'm talking about scripting in general, especially when the scripting language
allows access to resources outside the memory of the application. I'm not a
security expert, but my observation is that when you have scripting
capabilities that can access resources outside the app, like read/write
files, eventually someone will figure out a way to infect systems with it.
Its especially risky when the scripts can be embedded in a document or
spreadsheet. When someone starts talking about VBA, I run the opposite
direction.
Thing is, I believe *most* users don't need scripting and therefore the safest
thing to do is to allow scripting to be disabled.
--
Gary Cramblitt (aka PhantomsDad)
_______________________________________________
koffice-devel mailing list
koffice-devel@kde.org
https://mail.kde.org/mailman/listinfo/koffice-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic