On 17.08.2010 08:51, Alex Vincent wrote:
> I'm looking for feedback on what the best route is:  just how much trust
> should I give scripts in these data documents, and if I should start
> thinking about ways to keep the whole kit & kaboodle in a sandbox.

I'd say it depends on what message you attach to those "data documents"
and the user perception.
Will users consider them "extensions"/"addons" of some kind? Then they
will perceive them as programmable and possibly dangerous and hence will
(hopefully) execute only "data documents" from trusted sources. Add some
scary warnings, like the ones when installing addons, and you're good.
If users consider those "data documents" to be real documents, not
software, then they won't expect to get pwned from merely opening them;
just like opening html, pdf, xml shouldn't cause any harm.

But in security the best idea always is the principle of least
privilege, so implement a Sandbox if feasible.

Cheers
Nils
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security