Re: sftp module cant connect to new hosts



Fernando Herrera wrote:

Tue, Mar 16, 2004 at 02:57:38PM +0100, Mattias Eriksson escribis:

The removal of security from a security protocol can only be done if the
user is presented with a LARGE popup stating that "This connection is
insecure and everything sent here including personal data may end up on
the Internet", combined with at red flashing light and the music from
the shower scene in Psyco!

	As we cannot add this dialog just now because of the freeze and
if the "security voice" is saying that we have to fail without saying the
user why it is failing and how to solve it (and this will hapen in 90%
of scenarios) , the "usability voice" should say that we cannot ship
this module with a so broken behaviour. But maybe is also too late to
disable the module.

Salu2



I presume it's not possible to access any of the gnomeui from gnome-vfs. If it were, you could probably get around any localization issues by just taking the string generated by ssh and putting it in a standard gnome yes/no prompt.

Otherwise, it sounds like gnome-vfs needs a generic prompt callback mechanism that could be used by the modules to provide simple user prompts. Necko, the networking component of Mozilla has something like this called nsIPrompt that has proven useful in a number of last-minute situations. (nsIPrompt is just a simple prompt callback API that low-level code can invoke when it needs to prompt the user.) It might be good to add a generic prompt callback mechanism to gnome-vfs during the 2.8 dev cycle. Something added to gnome-vfs-standard-callbacks.h might be ideal.

I've just added gnome-vfs support to Mozilla, so that it can dynamically invoke gnome-vfs when it encounters a URL that it does not know how to handle internally. Right now, there's a whitelist that only includes smb:, and so it's pretty limited in use. I have a patch that enables support for sftp:, however, the security issues raised in this thread have made me think twice about enabling it by default. As an embedder of gnome-vfs, I would really like to have security dialogs for sftp before enabling it by default.

-Darin



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]