>>>>> "Asger" == Asger K Alstrup Nielsen <[EMAIL PROTECTED]> writes:
Asger> The main problem I see with this approach is that the we will
Asger> end up with something similar to handling CGI-scripts in
Asger> Web-servers: LyX has to spawn an external interpreter, and this
Asger> is slow and insecure.
Agreed.
Asger> We will have no control over security: It will be dead easy to
Asger> implement a macro-virus in LyX. I'm not sure that we want to
Asger> do this. (Imagine that we have a code attached to a button.
Asger> When the users clicks on it, some arbitrary code will be
Asger> executed, and this code can for instance delete all files in
Asger> the users directory, or even worse send all of them over e-mail
Asger> without the user knowing. There are no ends to speculation --
Asger> history shows that this will very likely happen.)
That's an interesting idea. This would happen if we allow the
documents themselves to contain macros. I think that this is a bad
idea at this point of time.
Asger> Things are a little different when you go through the LyX
Asger> server as we have it now, because the user starts the
Asger> interpreter himself, and therefor is more likely to know that
Asger> there is a potential risk.
In fact, I'd like us to improve the lyx server and use it temporarily
as macro support. In fact, I am not sure that we will have time to
implement a macro language (that works in an useful way) and put it
to actual use for next major release. We already have a lot of major
things to do.
Asger> I'm sure you have all heard about the Microsoft Word macro
Asger> viruses... No reason to make the same mistake they did.
Can you be more specific on what we should/shouldn't do? I personally
think we should disable macros in documents completely. This is fancy,
but maybe not so useful.
Asger> And what is even worse: I worry when you are not here!
Do you fear that I run away with all the money?
JMarc
