[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnash-dev] Extensions and GNASHRC

From: Eric Hughes
Subject: Re: [Gnash-dev] Extensions and GNASHRC
Date: Fri, 25 May 2007 11:03:18 -0600

At 10:43 AM 5/25/2007, Sandro Santilli wrote:
Comments welcome.

The "correct" default, from a security point of view, is always "do nothing", because then there's no risk of malfunction. Leaving extensions off by default is just fine, and is likely the right way to behave permanently.

Now turning them back on in the way you've done, well, I don't think it's long-term solution. But you weren't looking for one. It'll do for now.

The long-term issue is granularity of authorization and the algebra of grants of such. The variable "EnableExtensions" might be sufficient to enable them for any .SWF (certainly the wrong thing) or might be necessary for enablement, requiring some other grant (possibly OK) or might be removed in favor of another mechanism. I see no need to decide now.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]