On Sep 29, 10:39 pm, "LWChris@LyricWiki" <[email protected]> wrote: > Am 29.09.2011 21:39, schrieb galdor: > > > While the current method is really nice for casual users, having a > > mechanism similar to pentadactyl would be useful for advanced users > > who regularly modify their scripts and use them on several computers. > > Indeed it would be cool if there was some way to select whether a script > is installed "static local copy for offline work" or "dynamic usage of > online sourcecode". But this is a too big security risk. You are > supposed to know what a script does when you install it. After that > step, there mustn't be a way to change the source code you execute by > manipulating the file you checked formerly when you installed. Otherwise > a perfectly safe script could be installed and then be modified to log > all passwords. When you notice it, it's already too late. We're talking about scripts stored on the same computer than the browser; there's no security risk: I modify _my_ script, I tell _my_ browser to use the modifications.
Of course the plugin should not update scripts from a remote source without confirmation, at least until scripts can be signed. -- You received this message because you are subscribed to the Google Groups "greasemonkey-users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/greasemonkey-users?hl=en.
