Re: A small security feature proposition

From: Grzegorz Staniak <gstaniak zagiel pl>
To: David Mohring <heretic ihug co nz>
Cc: gnome-list gnome org
Subject: Re: A small security feature proposition
Date: Wed, 14 Jun 2000 09:52:46 +0200

David Mohring wrote:

Hello, and sorry for answering late,

> A more constrained approach would probably be better.
> 
> gnome-script - Safer XML scripting
> 
> Create a list of approved "external file" operations in the
> same vain as the gnome mime file type list.
> 
> Each operation would have
>    a unique identifier,
>    a list of "security area group" groups to grant/deny access,
>    a script to check the parameters,
>    a shell/bonobo/file template to call the operation/access the file
>    and an optional template with the returned filename.
> 
> Embed the operations in the gnome xml documents by having the
> gnome-script in XML with its own name space.
> 
> Non-destructive operations/files would have a "security area" of "any".
> 
> Grant/Deny embedded script access to other operations/files based on
> having the required digital signature (see
> http://www.w3.org/TR/xmldsig-core/) for the "security area group".
> 
> This way you could have active document scripting on a case by case
> basis.

This sounds just great and is definitely - IMVHO - a good systmatic
solution to the problem (though I still think giving the user control
over file attributes would be nice). Is that the way it's going to be
done in Evolution? 

> David Mohring - "Only you can prevent forest fires"

-- 
Grzegorz Staniak <gstaniak@zagiel.pl>

References:
- A small security feature proposition
  - From: Grzegorz Staniak
- Re: A small security feature proposition
  - From: David Mohring

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]