epoch1970;432655 Wrote: > I stand by my position, and it seems exactly the opposite of yours :) > - Mac users will give their trust, because of the SB brand, and > because they are not used to get a beating every time they do something > with their computer. > - And your code could be modified overnight (by you or anyone with > access to the SVN repo on google) to store the password, send it over > the net, etc. Entering the password in the context of a web browser > makes it prone to hijacking. > > Unless the "recommended plugins" are sanctified through an MD5sum or > something to ensure they stay recommendable? > > Anyway, I'm neither you, nor Logi/Slim. I am not being critical. I just > think pondering the issue is important. Yes, if someone gains unauthorized access to the google code page, they could, in fact, tinker with the code and wreck havoc. However, keep these facts in mind:
Uploading to google code requires two passwords: the google code account password which can be made arbitrarily strong by the user and a 2nd password randomly generated by google code which is _very_ strong. Also, the repo file for the plugin contains a sha value which the extension downloader checks against the downloaded zipfile at install time. This isn't perfect security, by any means, but I think it covers the basics. -- gharris999 ------------------------------------------------------------------------ gharris999's Profile: http://forums.slimdevices.com/member.php?userid=115 View this thread: http://forums.slimdevices.com/showthread.php?t=48521 _______________________________________________ plugins mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/plugins
