[sugar] Clicking links (was Re: sugar roadmap)
Jameson "Chema" Quinn
jquinn at cs.oberlin.edu
Fri Apr 11 15:52:34 EDT 2008
On Fri, Apr 11, 2008 at 1:37 PM, Eben Eliason <eben.eliason at gmail.com>
wrote:
> On Fri, Apr 11, 2008 at 11:15 AM, Bert Freudenberg <bert at freudenbergs.de>
> wrote:
> >
> > On 11.04.2008, at 07:12, Eben Eliason wrote:
> > > On Fri, Apr 11, 2008 at 10:03 AM, Jameson Chema Quinn
> > > <jquinn at cs.oberlin.edu> wrote:
> > >> I'm assuming that the data would only go one way. In that case, the
> > >> permission would be, an app without P_NETWORK would not be able to
> > >> request
> > >> opening of apps with P_NETWORK. No new permissions needed, just
> > >> careful
> > >> attention to the ones we have.
> > >
> > > Sorry, I'm not sure I understand this particular requirement. The
> > > activity launched will be completely isolated from that which
> > > requested it. Why would we need to make this statement hold? If I
> > > have, for instance, chosen to trust my web browser to use P_NETWORK,
> > > then why should it matter that it was asked to launch by something
> > > that didn't?
> >
> >
> > Because a malicious activity could encode a private document as URL
> > and have the browser go to that URL, which would send it to any server
> > on the internet.
>
> Well, isn't that interesting. You have a point, there, and I don't
> see any good way around it.
>
One way would be to launch an instance of Browse without P_NETWORK (and, of
course, with a virgin configuration, which was deleted after running). You
could view your document locally, and P_NETWORK would not be violated.
If, in fact, this use case is considered important enough to be worth the
effort. I'd say that watching P_NETWORK as I suggested originally would be a
good enough first-pass solution that probably we'd never get a second pass.
> Well, perhaps a permission is in fact needed then. Of course, I still
> see that there could be worth in a service which allows activities to
> launch others. Perhaps the Develop activity eventually wants to
> launch an SVG editor for its icon. Perhaps Write wants to be able to
> embed links to other projects (as was initially mentioned as the use
> case) for writing tutorials. I'm not sure how to accomplish this.
>
> - Eben
Note that these use-cases can be done with the P_NETWORK scheme - assuming
that, instead of writing your tutorials in Write, you do it in Blog (which
may indeed by a special case of Browse), which makes more sense anyway.
(Yes, I am proposing a url format for activity launching - this is safe,
since the originating app would have P_NETWORK.)
Jameson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/sugar/attachments/20080411/3f04908e/attachment.htm
More information about the Sugar
mailing list