Querying Collections from dbus
Ian Monroe
ian.monroe at gmail.com
Fri Feb 20 16:04:25 CET 2009
On Fri, Feb 20, 2009 at 8:46 AM, Jeff Mitchell <mitchell at kde.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ian Monroe wrote:
>> On Thu, Feb 19, 2009 at 6:35 AM, Jeff Mitchell <mitchell at kde.org> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Maximilian Kossick wrote:
>>>> In Amarok 1.x series external applications depended on Amarok's
>>>> database schema. At least one popular application broke when a major
>>>> update to the schema occured. External applications should access
>>>> official interfaces which are (hopefully) designed to stay backwards
>>>> compatible. And there's the script console for debugging purposes.
>>>>
>>>> On Wed, Feb 18, 2009 at 12:13 PM, Casey Link <unnamedrambler at gmail.com> wrote:
>>>>>> A simple SQL pass-through method is a really bad idea imo.
>>>>> Any particular reason?
>>> Also, a malicious script that does a massive DELETE or even DROP.
>>>
>>> Using something like an XML schema that Max suggested, we could filter
>>> out dangerous commands if we felt it a good idea.]
>>
>> A malicious script could just delete your home directory rather then
>> run some D-Bus commands, lol. :)
>
> Fair enough. But there is also the case of something that is
> accidentally malicious -- i.e. a script with a DELETE that has improper
> syntax. :-)
Well yea I think we should provide a QueryMaker api. Raw SQL access isn't great.
Ian
More information about the Amarok-devel
mailing list