Hi Shawn,

> And since we have such a large group
> of developers here reviewing code and searches for
> functionality and to see how they work, the chance that a
> malicious search would be included in the distribution is
> near impossible.

Yup, I'm more worried about third-party searches installable by httpinst (searchinst was close enough :-)), and other unintended installation methods (i.e. using an exploit in another program to install a search in DQSD, and then use DQSD's elevated privs to do more damage more easily).

> Using DQSD as a trojan infection vector would be like using a
> nuke to blow open a lock to gain access to a hammer. It's so
> illogical that it's unlikely to ever happen.

You have a point, but the number of hacks I've seen lately are beyond illogical... Anything that puts the user in a situation where they can't decide for themselves what they want to allow or not is less than ideal, IMO. And that includes the IE security features in XP SP2 :-)

I agree that the idea of someone exploiting DQSD, of all apps, to take control of someone's machine is pretty hilarious, but I guess that's what the guys building the .WMF file format [1] thought as well (had they been concerned with security).

[1] http://www.grc.com/wmf/wmf.htm

- Kim
