Re: (in)SECURITY: mozilla-bonobo



Em Sex, 2003-12-05 às 16:06, Jean Bréfort escreveu:
> Le ven 05/12/2003 à 13:01, Fabio Gomes a écrit :
> > > 2a. Instead of adding a flag, use the "bonobo:supported_uri_schemes" oaf attribute.
> > >     This way, one can limit the used components to those that advertise that they
> > >     handle the protocols (http(s)/ftp) that are used to transfer files on the net.
> > >     Supposedly components that are aware of those protocols would also handle
> > >     untrusted data.
> > > 
> > Great. This wold solve the problem.
> 
> May be it solves the problem, but most components do not advertise this
> attribute. I searched which actually do. The list is quite short:
> several Nautilus components, fontilus and File_Roller, none of which
> being used by mozilla-bonobo or has http or ftp as content. 
> 

Hmm. So maybe the 'safe for web' flag could be a better idea.

-- 
Fabio Gomes de Souza <fabio gs2 com br> Fone: (81) 9127-0597

GS2 TECNOLOGIA DA INFORMACAO LTDA
 - Infra-estrutura de TI, seguranca, sistemas embutidos e Linux
 - Consultoria, planejamento, implementacao e gerenciamento

http://www.gs2.com.br negocios gs2 com br (81) 3492-7777





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]