kdemultimedia/kaboodle

[Neil Stevens]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday May 18, 2002 06:49, Koos Vriezen wrote:
> Ok, since you wrote that too, I will send you the patch in advance this
> time ;-).

thanks

> Note, there are differences between DCOP and LiveConnect. With DCOP the
> c++ program has to know the exported function and especially the
> generated signals (events) in advance. With LiveConnect, only the
> JavaScript programmer (which is an user) needs to know.
> And there are some security issues, you don't want to expose all the
> DCOP functions to a web page.

Well, if you consider this a security risk, you need to make the whole 
thing configurable, make it off by default, and give it a big mean 
warning.  Or, let's not put it in at all.  You can't expect every author 
of a KPart to write his plugins to be secure from remote scripting.  It's 
guaranteed to open a hole sooner or later.

> Also note, the Java LiveConnect is AOL/Netscape based, the KPart
> LiveConnect is KDE specific.

Sure, the implementation is KDE specific, but the API is mimicing the AOL 
thing.

- -- 
Neil Stevens - neil at qualityassistant.com
"I always cheer up immensely if an attack is particularly wounding
because I think, well, if they attack one personally, it means they
have not a single political argument left." - Margaret Thatcher
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE85yI1f7mnligQOmERAqWUAJ9LDvMIIxJz/bj/OGg4xNma230YLwCfVd21
wY4tIaG6HAZ99+4NaoSLnxE=
=WbPQ
-----END PGP SIGNATURE-----