kdemultimedia/kaboodle
Koos Vriezen
koos.vriezen at xs4all.nl
Sun May 19 10:50:51 BST 2002
On Sat, 18 May 2002, Neil Stevens wrote:
> > Note, there are differences between DCOP and LiveConnect. With DCOP the
> > c++ program has to know the exported function and especially the
> > generated signals (events) in advance. With LiveConnect, only the
> > JavaScript programmer (which is an user) needs to know.
> > And there are some security issues, you don't want to expose all the
> > DCOP functions to a web page.
>
> Well, if you consider this a security risk, you need to make the whole
> thing configurable, make it off by default, and give it a big mean
> warning. Or, let's not put it in at all. You can't expect every author
> of a KPart to write his plugins to be secure from remote scripting. It's
> guaranteed to open a hole sooner or later.
No, I don't think exposing play/stop/setLooping/onFinished of a
mediaplayer is a security risk. But using the DCOP functions is.
Only few existing KParts are candidates for LiveConnect, KMediaPlayer,
kghostview, nspluginviewer, Java (however kjas isn't a KPart). Also IE
shows a MSMediaPlayer and Acrobat PDF Viewer as applets with these EMBED
tags. Wouldn't be surprised if there were scriptable too.
LiveConnect is just a >possibility< to allow scripting from a host
application.
But maybe a config option for this, like enabling JavaScript/Java/NSPlugin,
is appropriate.
Regards,
Koos Vriezen
More information about the kfm-devel
mailing list