[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnash-dev] Building extensions

From: strk
Subject: Re: [Gnash-dev] Building extensions
Date: Wed, 2 May 2007 11:35:50 +0200

On Wed, May 02, 2007 at 11:24:34AM +0200, Udo Giacomozzi wrote:
> Hello Rob,
> Thursday, April 26, 2007, 6:28:51 PM, you wrote:
> >> "Do you think that a command-line switch to allow the use of specified
> >> extensions is enough?"
> RS>   No. I'd rather we have an actually thought out security plan instead.
> RS> We could add an option like that for now, but it's be a temporary fix
> RS> when we should really focus on the correct solution, whatever that is.
> I'd like to *remind* that the MM player pops up a confirmation dialog
> when accessing the webcam, for example. This *could* be a solution for
> the FileIO problem too.

Yes, more callbacks to the GUI will be needed for this.

> Anyway, I see some important things:
> - extensions should be enabled at compile time explicitly (they will
>   probably be used only for special cases)

They are already.

> - the user should know in some way when a security relevant extension
>   is being used by a movie (I would not want that my browser allows
>   full file system access to any movie I see on a web page)

We have a log_security() function which is currently used for loading resources.
We should use it for FileIO and similar things too, even if for just saying:
we're allowing this (so the user knows).

> - in certain cases, extensions should be allowed explicitly and
>   without bothering the user (important for embedded designs)

Wouldn't a config file be enough ?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]