Hi Dan,

There is no auto-execute. The script actions have to be carried out by
hand using a menu item or keyboard shortcut.
Thus, I don't see a problem. Nevertheless, I can easily add a warning
dialog with a "don't show me again" message.

API: yes, the scripts have access to everything, but my help in the wiki
should have said or says that it is ok to use the actions in
MindMapActions for map manipulation and they are sufficiently stable.
But as the scripts are basically scripted Java, they
are subject to code changes, which is not dramatic IMHO. Restriction
isn't easily possible, as the script language accesses everything
by reflection...

Yours, Chris


Dan Polansky wrote:
> Hello team,
>
> perhaps prematurely, perhaps late, I am opening an important research
> and testing topic: the security of the scripting facility. The
> questions that worry me are the following:
>
> Q1: Can there be a malicious script in the mind map, one that tries to
> wipe out a user's hard drive?
> Q2: Can the scripts access all the public APIs of FreeMind Java code?
> If so, then when we change the APIs in a future release, we break a
> lot of user scripts.
> Q3: Related to Q1, is there a way to restrict the access of the
> scripting system to Java system classes, like File?
> Q4: Related to Q2, is there a way to restrict the access of the
> scripting system to a selected set of public interfaces?
>
> IMO all these questions need to be addressed before we can release the
> scripting system to the public. The worst, default solution that comes
> to my mind is to switch off the scripting facility by default, making
> it possible for the user to enable it; when the user tries to enable
> the scripting facility, she gets a warning that she should use the
> scripting facility at her own risk.
>
> Packages like Microsoft Office and OpenOffice can be looked to for
> inspiration and a model for how to solve these issues.
>
> Best regards,
> Dan
> _______________________________________________
> Freemind-developer mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/freemind-developer