platform specific imports and import security
Aaron J. Seigo
aseigo at kde.org
Thu Sep 19 07:15:45 UTC 2013
On Wednesday, September 18, 2013 17:21:29 Marco Martin wrote:
> * security *
> ** forbid access to absolute paths that are ouside both the applet package
> and the import paths (implemented)
this means having a registry of permissions somewhere and a way to manage
those permissions. colour me excited, though, as this fills in a large
remaining gap.
> con: a QQmlAbstractUrlInterceptor needs to be installed in order to work, so
> works only for plasmoids at the moment (while we would want it to work on
> any qml app)
>
>
> A way to solve the con may be installing the QQmlAbstractUrlInterceptor in
> kdeclarative (therefore for plasmoids we would need to install a subclass of
> the kdeclarative one that knows also about plasma packages)
That makes sense imho ...
> The only thing i'm a bit concerned of (but hopefully shouldn't incide too
> much) is potential overhead mostly at startup, since it adds a *lot* of
> string comparisons (and possibly some filesystem lookup as well)
We’ll probably need to carefully take care of caching and namespacing tricks
to mitigate this ...
--
Aaron J. Seigo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20130919/d8a1c7b8/attachment.sig>
More information about the Plasma-devel
mailing list