Re: ANN: imsep 0.6

On Thu, 2004-10-21 at 16:20 +0100, Gustavo J. A. M. Carneiro wrote:

>   What about DoS attacks?  If I accidentally attempt to load an image
> from the network, that image could be very large, consequently
> monopolising the imsep process, thus denying other applications of its
> services for a while.

The plan is to make the loader multithreaded.  That will solve the
problem of large images.  This should be pretty easy to do.

>   Another issue is, doesn't this introduce additional delay? 

Yes, but on my machine, it seems fairly negligible for typical image

>  Maybe this
> module should only be invoked (explicitly) for content coming from
> untrusted sources.

If the GTK+ team is willing to add an API such that applications can
explicitly mark an image as untrusted, I think it makes sense to support
that as an option in the Imsep gdk-pixbuf loader.  However, my feeling
is that a regexp exclude for /usr/share should be sufficient.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]