List:       koffice-devel
Subject:    Re: Linux Format: KSpread "disaster area"
From:       Jaroslaw Staniek <js () iidea ! pl>
Date:       2006-01-14 17:57:31
Message-ID: 43C93C70.7070505 () iidea ! pl

Gary Cramblitt said the following, On 2006-01-14 18:11:

> On Saturday 14 January 2006 11:42, Martin Ellis wrote:
> 
>>On Saturday 14 January 2006 16:36, Gary Cramblitt wrote:
>>
>>>Personally, I prefer not to taint my system with a JVM and worry about
>>>security risks.
>>
>>Is there any reason a Java VM is likely to have any more security problems
>>than any other interpreter/VM?
>>
>>Or are you talking about scripting in general?
> 
> 
> I'm talking about scripting in general, especially when the scripting language 
> allows access to resources outside the memory of the application.  I'm not a 
> security expert, but my observation is that when you have scripting 
> capabilities that can access resources outside the app, like read/write 
> files, eventually someone will figure out a way to infect systems with it.  
> It's especially risky when the scripts can be embedded in a document or 
> spreadsheet.  When someone starts talking about VBA, I run the opposite 
> direction.
> 
> Thing is, I believe *most* users don't need scripting and therefore the safest 
> thing to do is to allow scripting to be disabled.

IIRC the issue was already covered on this group. Solutions like digitally 
signed scripts and sane defaults (no file support) for KROSS were proposed.

-- 
regards / pozdrawiam,
  Jaroslaw Staniek / OpenOffice Polska

  Kexi Developer:      http://www.kexi-project.org | http://koffice.org/kexi
  Kexi Support:        http://www.kexi-project.org/support.html
  Kexi For MS Windows: http://kexi.pl/wiki/index.php/Kexi_for_MS_Windows
  KDE3, KDE4 Libraries For Developing MS Windows Applications:
                       http://www.kdelibs.com/wiki
_______________________________________________
koffice-devel mailing list
koffice-devel@kde.org
https://mail.kde.org/mailman/listinfo/koffice-devel