Security for launching from URL

Jameson "Chema" Quinn jquinn at
Sun Jul 6 22:08:31 EDT 2008

The message had two points. In point 1, the simpler, I just pointed out that
downloading a file and opening it by mime type is equivalent, security-wise,
to having a special URL handler. A UI can be worked out to reduce the needed

In point 2, I basically argued that data should remember whether it came
from a possibly private (ie, P_MIC_CAM) activity. Applications with
P_NETWORK should refuse to open this data by default. This is relevant here
because the main danger of opening URLs in another activity is not data
(evil code) that go from Browse to another activity - bitfrost should handle
this - but data (such as private pictures encoded in the URL) that go from
other activities to Browse.

2008/7/6 Ivan Krstić <krstic at>:

> On Jul 5, 2008, at 9:27 AM, Jameson Chema Quinn wrote:
>> I do not think that URI's pointing to the local machine are what is needed
>> here.
> Please try to make your messages simpler, shorter, and more to the point. I
> often find them difficult to follow and give up. I didn't read this one
> after the first line, since you didn't quote my message in context and thus
> I don't know why you're discussing URIs pointing to the local machine.
> --
> Ivan Krstić <krstic at> |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Devel mailing list