It is conceivable that someone might want to install a read-only installation of the Chandler executable and deny users the ability to run with extensions.
Right now this is not possible without changing the code. I know of at least the following ways you can tamper with a Chandler instance about to start:

* command line argument --parcelPath (or -p)
* command line argument --profileDir (or -P)
* command line argument --restore (or -r)
* command line argument --scriptFile (or -f)
* environment variable PARCELPATH

and to some extent

* --locale (or -l)
* --create (or -c)
* --createData (or -C)

Also, if users have any access to the profile directory outside of Chandler, they could manually change their repository. Potentially the only way around this would be to run with --ramdb (or -d).

Finally, since Chandler can be started with an internal webserver, this opens another road into Chandler. I don't think we have looked at this from a security perspective yet. So add --webserver (or -W) to the potentially unsecure startup options.

--
  Heikki Toivonen
_______________________________________________
Open Source Applications Foundation "Dev" mailing list
http://lists.osafoundation.org/mailman/listinfo/dev
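
As an added example (not part of the original post and not Chandler code), a launcher-side check that refuses to start when any of the options or the environment variable listed in the message is present. It assumes optparse-style parsing (abbreviated long options, clustered short options); `audit_startup` and the hand-off in `main` are hypothetical names.

```python
import os
import sys

# Options named in the post (long form -> short letter) and the env variable.
BLOCKED_LONG = {
    "--parcelPath": "p", "--profileDir": "P", "--restore": "r",
    "--scriptFile": "f", "--locale": "l", "--create": "c",
    "--createData": "C", "--webserver": "W",
}
BLOCKED_SHORT = {short: long for long, short in BLOCKED_LONG.items()}
BLOCKED_ENV = ("PARCELPATH",)


def audit_startup(argv, environ):
    """Return the sorted blocked options/variables found; [] means allowed."""
    found = set()
    for arg in argv:
        if arg == "--":  # optparse-style end-of-options marker
            break
        if arg.startswith("--"):
            name = arg.split("=", 1)[0]
            # Assumption: long options may be abbreviated, so any prefix of a
            # blocked name is treated as that option.
            found.update(l for l in BLOCKED_LONG if l.startswith(name))
        elif arg.startswith("-") and len(arg) > 1:
            # Short options can be clustered ("-dW") or carry a glued value
            # ("-p/tmp/x"). Without the full option table the two cannot be
            # told apart, so deny on any blocked letter in the cluster.
            found.update(BLOCKED_SHORT[ch] for ch in arg[1:] if ch in BLOCKED_SHORT)
    found.update(v for v in BLOCKED_ENV if v in environ)
    return sorted(found)


def main():
    hits = audit_startup(sys.argv[1:], os.environ)
    if hits:
        sys.exit("refusing to start, locked-down options present: " + ", ".join(hits))
    # Hypothetical hand-off: exec the real, read-only Chandler launcher here.
    print("startup arguments accepted")


if __name__ == "__main__":
    main()
```

A check like this only holds if users cannot invoke the underlying executable directly, and it does nothing about direct access to the profile directory mentioned in the message.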
