[Anjuta-list] Re: [PATCH] Re: [scintilla] Autocompletion lists with images (VCstyle)

["Neil Hodgson" <nhodgson bigpond net au>]

Biswapesh Chattopadhyay:

> Won't it be better if we support both xpm_data and xpm_file (in
> different functions of course). We'd prefer to pass the file name as
> parameter for Anjuta for example. Can you elaborate a bit on why this is
> not a good idea from security P.O.V ?

   I'd like to support both file formats but, just as with configuration
parameters, applications may want to use 'files' that are actually database
records, registry entries, or remote resources. Linking the file format to
only real files decreases the flexibility of the feature.

   Remote development systems are, I think, an important area for future
progress. An example of this is in the SinkWorld demonstration at:
http://www.users.bigpond.net.au/nhodgson/SwedeDemo.html
   Scintilla has been built into an ActiveX control and also a Netscape
plugin. In these uses, you want to ensure not just that the control is
itself safe (for which you have to trust the cmponent developer) but that it
is also safe when embedded on a page with script manipulating the plugin.
The sorts of scenario that would cause security concerns are where the
plugin can be asked to read a file and then allow that file to be retrieved
by an unfriendly host which supplies a script that drives the plugin. The
use of XPM file reading for UI display should not directly allow this
retrieval but could conceivably interact with other features (such as a
print or remote display command) or with bugs (say a buffer overflow bug) to
leak this data into an uploadable form. Therefore drawing a line that says
"Scintilla will not perform file I/O" ensures that the security status of
Scintilla can be easily determined and trusted. Its also easier to perform a
security audit on the Scintilla source code and determine that I haven't
included a back door.

   Neil