Hello Rob, Thursday, April 26, 2007, 6:28:51 PM, you wrote: >> "Do you think that a command-line switch to allow the use of specified >> extensions is enough?"
RS> No. I'd rather we have an actually thought out security plan instead. RS> We could add an option like that for now, but it's be a temporary fix RS> when we should really focus on the correct solution, whatever that is. I'd like to *remind* that the MM player pops up a confirmation dialog when accessing the webcam, for example. This *could* be a solution for the FileIO problem too. Anyway, I see some important things: - extensions should be enabled at compile time explicitly (they will probably be used only for special cases) - the user should know in some way when a security relevant extension is being used by a movie (I would not want that my browser allows full file system access to any movie I see on a web page) - in certain cases, extensions should be allowed explicitly and without bothering the user (important for embedded designs) Udo _______________________________________________ Gnash-dev mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnash-dev
