Christian Ridderström wrote: > I just did a test with gnuplot. In the LyX settings I had unchecked 'Forbid > of use of needauth converters' and unchecked 'Use needauth option'. Then I > opened a LyX doc with a gnuplot script. Result: LyX tried to run the script > due to the preview, without asking or alerting me. > > In my opinion this demonstrates a case where the security is _not_ good > enough, as I don't think it'd very difficult to trick someone into > unchecking these boxes.
I think at the end it boils down to the question whether we rather want LyX for unaware users who can't handle any responsibility or we want to allow advanced features for more hackish crowd of people. I obviously stay in the hackish campground ground but understand your fear for the poor. I would offer two quick options here: 1. Rename 'Forbid of use of needauth converters' to something scary so users have red flag. 2. Let the machinery alive, but move the flags from UI to RC files, and forcing people to edit them, so they have time to think what they are doing instead of randomly clicking. I disagree though that we should ban needauth mechanism right now and if the argument really is that I can trick someone into unchecking whatever I want, then I can directly trick him into writing rm -rf / on the commandline. Pavel