RFC: On-demand package installation API in kdelibs
Sune Vuorela
nospam at vuorela.dk
Wed Jul 28 20:09:46 BST 2010
On 2010-07-28, Ivan ??uki?? <ivan.cukic at kde.org> wrote:
>> In a short while, evil websites will start do magic like
>>
>> if(khtml or qtwebkit) {
>> do_popup_asking_for_login_credentials();
>> send_credentials_to_evil_owner();
>> }
>
> I don't think anyone was intending to expose this API to html
> renderers (or anything similar for that matter).
they can be faked.
> It is like saying that today, the evildoers can do
>
> if (kdesu) {
> run_kdesu_to_run_something();
> }
The difference is, that currently we are not teaching the users that
such popups is normal.
currently, kdesu only pops up a dialog asking for passwords after
specific user actions.
This new api will be used at random times by random apps.
/Sune
More information about the kde-core-devel
mailing list