None in particular. However, I note that we have - since you invited
me to put this up as a placeholder, moreover - <a href="http://
groups.google.com/group/TiddlyWiki/browse_thread/thread/
8bdc3f1dca95c83b">a case of an infection</a> reported on the User
forum which is a case in point - the poster was in no way responsible,
but others could have been caught.
My general point is that ALL applications really should be, and should
be seen to be, security-aware - there will be no thanks if we start
getting on installation blacklists with MS and the like because we've
been somewhat careless, Windows 7 and upwards can be expected to
become increasingly alert to problems, and since there's some redesign
thinking going on, it's probably not a bad time to consider if any
precautions are needed to authenticate code in the Plugin upload
routines, for example. Not all users are programmers, and so not all
can be expected to be able to intercept a call to some nasty assembler
code hooked in to an otherwise anodyne href call to such a site, for
instance.
What might be sensible as a first-level protection would be to include
some form of CTC assessment of authenticated code in the field
specification for each tiddler, and to run it (offering an alert if
missing or not authenticated) before loading code tiddlers: it might
be an interesting question whether to include an assessment routine in
the standard package, for instance, or whether to have an independant
assessor - TiddlyVault or the like springs to mind, although I haven't
had the courtesy to ask them, for which I apologise. Others will
certainly be wiser in the subject than yours truly, however.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TiddlyWikiDev" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/TiddlyWikiDev?hl=en
-~----------~----~----~----~------~----~------~--~---
