Security for launching from URL
Jameson "Chema" Quinn
jquinn at cs.oberlin.edu
Mon Jul 7 15:23:24 EDT 2008
>
> Finally: Ivan do you see security implications in a future
> implementation of this approach which also allows the resulting
> changes to an object launched in this manner from being passed back to
> the invoking activity. For instance, consider a Website activity
> which you can import source images into, but allows you to select any
> of those images and say "Edit with [Paint]", which then automatically
> updates the image within the Website project as the Paint instance
> gets saved. I think this might be a nice alternative to true aliases,
> which can be confusing for kids, while encouraging inter-activity
> projects and development.
>
> - Eben
>
I definitely see security implications here. This is potentially a way for a
web page to launch Record, let the kid take pictures of themselves, and
upload those pictures to the web.
I think that the solution is that, when the result is to be passed back, the
sub-activity (Record) gets the intersection of its privileges and the
super-activity's (Browse). This would mean that the pass-back functionality
would become frequently useless for activities like Record and Measure which
rely on the mic/cam, and limited for activities like Tamtam which use the
mic/cam peripherally.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/devel/attachments/20080707/f649b22f/attachment.html>
More information about the Devel
mailing list