[sugar] Clicking links (was Re: sugar roadmap)
Benjamin M. Schwartz
Fri Apr 11 16:16:13 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Eben Eliason wrote:
| In fact, this exploit could happen even without a launcher service.
| Any activity that wants to could write the users private data to the
| disk in a URL format, as an object, and give it a fun preview image.
| When the later discovers and becomes curious about it, she'll open it
| and send out her private data to whatever site the other activity
| wanted. Is there something in place to prevent this that I'm unaware
I would argue that there is no way around this, and that it should not be
seen as an exploit. Users must understand that any object produced by an
activity instance can potentially contain any information available to
that instance at that time.
The best we can do is to show the user which instances have written data
in each object, and which objects those instances had access to. That
list is the list of all private data that could potentially be enclosed in
each object. This is relevant not only to HTTP access but also to Sharing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Sugar-devel