----- Forwarded message from [EMAIL PROTECTED] -----
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 22 Jan 2003 01:06:35 -0800
From: "Robert G. Werner" <[EMAIL PROTECTED]>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Omer Zak <[EMAIL PROTECTED]>
Cc: AbiWord Developers <[EMAIL PROTECTED]>
Subject: Re: Code patches vs. macros vs. plugins (was: Re: Re[2]: INS)
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Omer Zak wrote:
[snip]
> I agree that this is a big risk of improperly-designed macro/scripting
> mechanism.
>
> I wonder if it is possible to reduce the risk (taking into account human
> behavior and social engineering issues) by clean separation between
> documents and scripts. How do we define templates so that they'll be
> safe (social engineering-wise)?
[snip}
I agree with you about separating the "scripting" from the document
you are creating (In fact, just as I was reading that sentence
('reduce the risk ...', I think) I thought well why not have two
separate files and make the user consciously choose (through a dialog
or something) to run the 'scripted' part.
I also like the point about social engineering. If the script is
separate, then people must make a conscious choice to pass the script
along with the document. Thus preventing the automatic spread of
malicious code.
I think the current infrastructure in Abiword is close to what you are
proposing. Certainly, we are currently relying on the various
interpreters being availabel to Abiword (perl, best supported, but
theoretically, anything that has an Abiword plugin available). Some
convenience stuff, might be some way to associate a 'script' or
'macro' with a particular Abiword doc. But then again, just adding
the two scripts to your email would be easy enough.
That discussion is probably post 2.0 (Word was up to version 5 IIRC
befor it got much of a scripting language ;-P).
Anyway, sounds like you and I agree and as the 'man' said, "There is
no better test of a man's intellegence than the degree to which he
agrees with you." Thus, I find you highly intellegent ... ;-)
--
Robert G. Werner
[EMAIL PROTECTED]
2001/9/11
I'd rather push my Harley than ride a rice burner.
----- End forwarded message -----
