1.5 feature list
Thomas Zander
zander at kde.org
Fri Dec 23 13:12:27 CET 2005
On Friday 23 December 2005 12:29, Cyrille Berger wrote:
> > Adding a custom widget in an exiting krita dialog is a security risk
> > and should be researched very carefully anyway.
>
> why would this be more risky than executing the script it self ?
A script runs in a sandbox which means it can't reach your files and other
private stuff.
Adding a widget in a known dialog makes way for so called social attacks
and therefor the security barrier of the sandbox has gotten a lot less
well defined.
I'm no security expert, but I have seen security alerts based on such
things.
You probably will not be convinced this is an issue from my email, but
please do contact the security experts (dirk a.o.) on this issue before
krita goes that route.
> > I read it to mean that you can show any custom dialog on top of krita
> > to gather information from the user.
>
> And we will end with the same interface as the gimp with a lot of
> unconsitency.
Well, my offer to go over such guis and beat them into shape still stands,
and like I said in a previous discussion; no matter what technical things
you do, developers will always find a way to make rotten UIs. :)
--
Thomas Zander
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kimageshop/attachments/20051223/37e80c13/attachment.pgp
More information about the kimageshop
mailing list