<table><tr><td style="">subdiff added inline comments.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D1231" rel="noreferrer">View Revision</a></tr></table><br /><div><strong>INLINE COMMENTS</strong><div><div style="margin: 6px 0 12px 0;"><div style="border: 1px solid #C7CCD9; border-radius: 3px;"><div style="padding: 0; background: #F7F7F7; border-color: #e3e4e8; border-style: solid; border-width: 0 0 1px 0; margin: 0;"><div style="color: #74777d; background: #eff2f4; padding: 6px 8px; overflow: hidden;"><a style="float: right; text-decoration: none;" href="https://phabricator.kde.org/D1231#inline-36096" rel="noreferrer">View Inline</a><span style="color: #4b4d51; font-weight: bold;">Kanedias</span> wrote in <span style="color: #4b4d51; font-weight: bold;">remote_access_interface.cpp:206</span></div>
<div style="margin: 8px 0; padding: 0 12px; color: #74777D;"><blockquote style="border-left: 3px solid #a7b5bf; color: #464c5c; font-style: italic; margin: 4px 0 12px 0; padding: 4px 12px; background-color: #f8f9fc;"><p style="padding: 0; margin: 8px;">Can a rogue client do it though? This would crash the server then?</p></blockquote>
<p style="padding: 0; margin: 8px;">Yes, I guess so... What would you propose? Should we send it only to first bound? Or last one?</p>
<p style="padding: 0; margin: 8px;">P.S. Even more: this interface has no authentication/authorization at all, so any client can connect and steal our video buffers.<br />
Martin said that first version of protocol can go without it and we can readd it later (as with fakeinput protocol).</p></div></div>
<div style="margin: 8px 0; padding: 0 12px;"><p style="padding: 0; margin: 8px;">Only first bound like you do it now. Just remove the Q_ASSERT (and make sure <tt style="background: #ebebeb; font-size: 13px;">boundScreens.size() >= 1</tt>, otherwise continue).</p>
<blockquote style="border-left: 3px solid #a7b5bf; color: #464c5c; font-style: italic; margin: 4px 0 12px 0; padding: 4px 12px; background-color: #f8f9fc;"><p style="padding: 0; margin: 8px;">no authentication/authorization at all</p></blockquote>
<p style="padding: 0; margin: 8px;">That's a generic problem yet to be solved on Wayland / the Linux desktop. This also correlates with the push to containerized apps. I would just want something like the permission system in Android, but there might be better solutions. It's a bigger project for sure.</p>
<p style="padding: 0; margin: 8px;">Also see here for some early thoughts on it, which to my knowledge until now did not lead to anything more: <a href="http://www.mupuf.org/blog/2014/02/19/wayland-compositors-why-and-how-to-handle/" class="remarkup-link" target="_blank" rel="noreferrer">http://www.mupuf.org/blog/2014/02/19/wayland-compositors-why-and-how-to-handle/</a></p></div></div></div></div></div><br /><div><strong>REPOSITORY</strong><div><div>R127 KWayland</div></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D1231" rel="noreferrer">https://phabricator.kde.org/D1231</a></div></div><br /><div><strong>To: </strong>Kanedias, graesslin, davidedmundson<br /><strong>Cc: </strong>subdiff, ngraham, alexeymin, Frameworks, davidedmundson, plasma-devel, leezu, ZrenBot, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, eliasp, sebas, apol, mart, hein<br /></div>