> > Firstly, "the sky isn't falling, the risks posed by the gadget API > already > existed elsewhere in Windows generally, but this is another new attack > surface without any legacy dependencies". This is my general view on > the > gadget API. >
Yahoo widgets. > Finally, why on earth does the trust model for gadgets consist of full > trust > and nothing more. Why not allow gadgets to state in their manifest > that for > example they don't need to execute things, won't make use of ActiveX > controls > and will only connect to a specific host? > Or have the OS force a restrained environment for them to run within. The usability and convenience offered by them isn't worth the opportunities they proffer. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
