Re: (in)SECURITY: mozilla-bonobo

From: Fabio Gomes <bugtraq gs2 com br>
To: Jean Bréfort <jean brefort ac-dijon fr>
Cc: Christian Glodt <chris mind lu>, gnome-devel-list gnome org
Subject: Re: (in)SECURITY: mozilla-bonobo
Date: Fri, 05 Dec 2003 16:53:32 -0300

Em Sex, 2003-12-05 às 16:06, Jean Bréfort escreveu:
> Le ven 05/12/2003 Ã  13:01, Fabio Gomes a Ã©crit :
> > > 2a. Instead of adding a flag, use the "bonobo:supported_uri_schemes" oaf attribute.
> > >     This way, one can limit the used components to those that advertise that they
> > >     handle the protocols (http(s)/ftp) that are used to transfer files on the net.
> > >     Supposedly components that are aware of those protocols would also handle
> > >     untrusted data.
> > > 
> > Great. This wold solve the problem.
> 
> May be it solves the problem, but most components do not advertise this
> attribute. I searched which actually do. The list is quite short:
> several Nautilus components, fontilus and File_Roller, none of which
> being used by mozilla-bonobo or has http or ftp as content. 
> 

Hmm. So maybe the 'safe for web' flag could be a better idea.

-- 
Fabio Gomes de Souza <fabio gs2 com br> Fone: (81) 9127-0597

GS2 TECNOLOGIA DA INFORMACAO LTDA
 - Infra-estrutura de TI, seguranca, sistemas embutidos e Linux
 - Consultoria, planejamento, implementacao e gerenciamento

http://www.gs2.com.br negocios gs2 com br (81) 3492-7777

Follow-Ups:
- Re: (in)SECURITY: mozilla-bonobo
  - From: Sean Middleditch

References:
- Re: (in)SECURITY: mozilla-bonobo
  - From: Christian Glodt
- Re: (in)SECURITY: mozilla-bonobo
  - From: Fabio Gomes
- Re: (in)SECURITY: mozilla-bonobo
  - From: Jean Bréfort

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]