[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Lua Browser Plugin
- From: David Given <dg@...>
- Date: Wed, 01 Aug 2007 14:41:03 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ketmar Dark wrote:
> hello, David Given <dg@cowlark.com>.
[...]
>> Can the plugin download Lua code off the 'net and run it? Because if
>> so, this is a huge security risk --- it's not so much as a security
>> hole as a huge gaping abyss! And if it does so without asking the
>> user first (every time), then it probably also counts as a back
>> door...
> hm... i always knows that java is a trojan. it does exactly so.
The Java plugin only runs sandboxed code --- it's very heavily restricted as
to what it can do, which makes it safe. The OP's Lua plugin can run arbitrary
Lua scripts (if I understood what he said correctly).
- --
┌── dg@cowlark.com ─── http://www.cowlark.com ───────────────────
│
│ "There does not now, nor will there ever, exist a programming language in
│ which it is the least bit hard to write bad programs." --- Flon's Axiom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGsI1vf9E0noFvlzgRAvrkAKC9eYCcbulOmw/UqYTeQmfRHK9VtwCfakus
4oj7M+WQKZfqgvMFVBDjX9s=
=IW77
-----END PGP SIGNATURE-----