On Wed, Jul 16, 2003 at 08:27:12PM -0400, Robert L Krawitz wrote:
- to be able to execute some Java code out of a (virus-altered) GIMP
image (Gimp Graphics Archive) takes:
* a person running java -jar picture.gga
* some smart program looking inside the image, recognizing the
At 5:35 PM +0200 7/16/03, Sven Neumann wrote:
I don't think we should use a compressed archive. Instead the binary
data in the archive should be compressed.
I agree - and that's what ZIP/JAR allow for - some
files/blobs are compressed, and some are not. You could either use
the built-in
On Mon, Jul 14, 2003 at 10:16:28AM -0400, Leonard Rosenthol [EMAIL PROTECTED] wrote:
At 08:38 AM 7/14/2003 -0400, Robert L Krawitz wrote:
What happens if in the future someone writes a gimp-java interface
(like gimp-perl)? Would there be any security issues there?
No.
I do not
On Wed, Jul 16, 2003 at 12:42:49PM +0200, Marc A. Lehmann wrote:
What happens if in the future someone writes a gimp-java interface
(like gimp-perl)? Would there be any security issues there?
No.
I do not believe people like you.
Sorry, but how can you so bluntly claim
Hi,
[EMAIL PROTECTED] (Tino Schwarze) writes:
I think, the security argument against JAR is very far-fetched.
A JAR is basically a ZIP with a META-INF directory containing a
MANIFEST.MF file. That's it.
There is a lot of code around for creating / reading ZIP files - I'm a
bit worried
On Wed, Jul 16, 2003 at 05:35:42PM +0200, Sven Neumann wrote:
I don't think we should use a compressed archive. Instead the binary
data in the archive should be compressed. That allows to choose the
best compression scheme for the data and to combine different
compression techniques in the
Date: Wed, 16 Jul 2003 16:12:37 +0200
From: [EMAIL PROTECTED] (Tino Schwarze)
On Wed, Jul 16, 2003 at 12:42:49PM +0200, Marc A. Lehmann wrote:
What happens if in the future someone writes a gimp-java interface
(like gimp-perl)? Would there be any security issues there?
Sven Neumann wrote:
Excuse me?!?! JAR is used by every Java implementation in
existence, and since it is 100% compatible with ZIP, means you have
all of those implementations as well.
Java is not exactly what I would call well established, but that's not
a relevant argument here.
One
At 7:16 AM -0500 7/14/03, Stephen J Baker wrote:
One issue we should at least think about with JAR is that since it *is*
the JAVA library mechanism, there is perhaps a risk of allowing virus writers
to attach bits of JAVA executable in what *appears* to be a GIMP image.
If you don't open up the
At 02:34 PM 7/11/2003 +0200, Sven Neumann wrote:
XML is very well suited to describe the structure of a multi-layered,
multi-framed image/animation and it can be used perfectly to embed
meta information as well as vector layers, paths and the like. XML
namespaces make it easy to add
On Fri, Jul 11, 2003 at 10:08:55AM -0400, Leonard Rosenthol [EMAIL PROTECTED] wrote:
A JAR is a special type of ZIP archive, which contains one or more
data files along with an XML manifest about the contents. I've worked
on a number of projects (both commercial and open) that have
11 matches
Mail list logo