Fwd: Re: Code patches vs. macros vs. plugins (was: Re: Re[2]: INS)

From: Hubert Figuiere (hub@nyorp.abisource.com)
Date: Wed Jan 22 2003 - 06:04:39 EST

Next message: Hubert Figuiere: "Fwd: Re: Re[2]: INS"

Previous message: Hubert Figuiere: "Fwd: Re: Code patches vs. macros vs. plugins (was: Re: Re[2]: INS)"
In reply to: Omer Zak: "Re: Code patches vs. macros vs. plugins (was: Re: Re[2]: INS)"
Next in thread: Kenneth J. Davis: "Re[4]: INS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

----- Forwarded message from owner-abiword-dev@abisource.com -----

Message-ID: <3E2E5F1B.2090205@mail.microbsys.com>
Date: Wed, 22 Jan 2003 01:06:35 -0800
From: "Robert G. Werner" <rwerner@mail.microbsys.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Omer Zak <omerz@actcom.co.il>
Cc: AbiWord Developers <abiword-dev@abisource.com>
Subject: Re: Code patches vs. macros vs. plugins (was: Re: Re[2]: INS)
References: <Pine.GSU.4.30_heb2.09.0301221014310.29840-100000@actcom.co.il>
In-Reply-To: <Pine.GSU.4.30_heb2.09.0301221014310.29840-100000@actcom.co.il>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Omer Zak wrote:
[snip]

> I agree that this is a big risk of improperly-designed macro/scripting
> mechanism.
>
> I wonder if it is possible to reduce the risk (taking into account human
> behavior and social engineering issues) by clean separation between
> documents and scripts. How do we define templates so that they'll be
> safe (social engineering-wise)?
[snip}

I agree with you about separating the "scripting" from the document
you are creating (In fact, just as I was reading that sentence
('reduce the risk ...', I think) I thought well why not have two
separate files and make the user consciously choose (through a dialog
or something) to run the 'scripted' part.

I also like the point about social engineering. If the script is
separate, then people must make a conscious choice to pass the script
along with the document. Thus preventing the automatic spread of
malicious code.

I think the current infrastructure in Abiword is close to what you are
proposing. Certainly, we are currently relying on the various
interpreters being availabel to Abiword (perl, best supported, but
theoretically, anything that has an Abiword plugin available). Some
convenience stuff, might be some way to associate a 'script' or
'macro' with a particular Abiword doc. But then again, just adding
the two scripts to your email would be easy enough.

That discussion is probably post 2.0 (Word was up to version 5 IIRC
befor it got much of a scripting language ;-P).

Anyway, sounds like you and I agree and as the 'man' said, "There is
no better test of a man's intellegence than the degree to which he
agrees with you." Thus, I find you highly intellegent ... ;-)

-- Robert G. Werner rwerner@mail.microbsys.com 2001/9/11

I'd rather push my Harley than ride a rice burner.

----- End forwarded message -----

Next message: Hubert Figuiere: "Fwd: Re: Re[2]: INS"
Previous message: Hubert Figuiere: "Fwd: Re: Code patches vs. macros vs. plugins (was: Re: Re[2]: INS)"
In reply to: Omer Zak: "Re: Code patches vs. macros vs. plugins (was: Re: Re[2]: INS)"
Next in thread: Kenneth J. Davis: "Re[4]: INS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jan 22 2003 - 06:04:43 EST