Hi Kim,
> window.external is exposed to the IE DOM as a custom
> object reference into the host...
> var xmlHttp = window.external.createObject("Microsoft.XmlHttp");
Excellent idea!

Glenn,
> How difficult/easy is it to write malicious searches?
Unfortunately, it's not difficult at all. However, just because it's not
difficult doesn't mean it would be easy to get someone to abuse it. And
since we have such a large group of developers here reviewing code and
searches for functionality and to see how they work, the chance that a
malicious search would be included in the distribution is near
impossible.

For example, it's possible to return JavaScript that'll create a
filesystemobject and delete a folder - which can be executed dynamically
(without having to include the js directly within the search) using
eval() or window.execScript().

Again, getting that malicious code to the client is not easy. And if the
DQSDHost COM object cannot be created in any other context then it's
nearly impossible for it to be abused this way. You'd have to install a
malicious search manually, through the searchinst function (IIRC) or by
copying the file there. Or use an existing search that autoparsed a
remote location for content that it then executed. Something like
comix() or rssx(), but with the addition of an eval() or a
window.execScript() statement in the search itself.

Now, since DQSD /does/ automatically parse all script files within the
searches and localsearches folders, it would be possible to execute code
in the context of your user if someone had write access to the DQSD
installation folder - to create a malicious file there. This is a rather
poor attack method though, since anything that had write access to that
folder could already potentially do significantly more direct damage to
the system than what DQSD would ever be capable of. Using DQSD as a
trojan infection vector would be like using a nuke to blow open a lock
to gain access to a hammer. It's so illogical that it's unlikely to ever
happen.

Regards,
Shawn K. Hall
http://12PointDesign.com/
_______________________________________________
Archive: https://lists.sourceforge.net/lists/listinfo/dqsd-devel
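
The message above names two review targets: searches that call eval() or window.execScript(), and searches that fetch remote content before doing so. The following static audit is an added example, not part of the original message or of DQSD's code; the rule names, the `<search>` file layout and the sample files are constructed assumptions.

```javascript
// Added example: static audit of search files for the patterns named in the message.
// Rule ids and severities are hypothetical; adjust them to your own review policy.
const RULES = [
  { id: "dynamic-exec", re: /\b(?:eval|execScript)\s*\(/ },
  { id: "com-object",   re: /\bnew\s+ActiveXObject\s*\(|\bcreateObject\s*\(/i },
  { id: "remote-fetch", re: /xmlhttp/i },
];

// Scan one file's text; return [{ rule, line, text }] for every matching line.
function scanSearch(source) {
  const hits = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const { id, re } of RULES) {
      if (re.test(text)) hits.push({ rule: id, line: i + 1, text: text.trim() });
    }
  });
  return hits;
}

// Audit a { filename: content } map. A file that both fetches remote content and
// contains a dynamic-execution sink is rated "high": remote text may reach eval().
function auditSearches(files) {
  const report = {};
  for (const [name, source] of Object.entries(files)) {
    const hits = scanSearch(source);
    const rules = new Set(hits.map((h) => h.rule));
    let severity = "none";
    if (rules.has("dynamic-exec")) severity = rules.has("remote-fetch") ? "high" : "review";
    else if (rules.size > 0) severity = "info";
    report[name] = { severity, hits };
  }
  return report;
}

// Constructed sample inputs (not real DQSD searches).
const SAMPLE_FILES = {
  "plain.xml": '<search function="plain">\n<script><![CDATA[\nfunction plain(q) { window.open("https://example.com/?q=" + escape(q)); }\n]]></script>\n</search>',
  "feedx.xml": '<search function="feedx">\n<script><![CDATA[\nvar x = new ActiveXObject("Microsoft.XmlHttp");\nx.open("GET", "https://example.com/feed", false); x.send();\neval(x.responseText);\n]]></script>\n</search>',
  "calc.xml": '<search function="calc">\n<script><![CDATA[\nfunction calc(q) { return eval(q); }\n]]></script>\n</search>',
};

for (const [name, r] of Object.entries(auditSearches(SAMPLE_FILES))) {
  console.log(name, r.severity, r.hits.map((h) => `${h.rule}@${h.line}`).join(", "));
}
```

A pattern scan like this is a review aid for the searches and localsearches folders, not proof that a file is safe, since obfuscated script can avoid literal matches.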