Hi all,

by using QML, there is a thing that strikes me: it makes it really easy to do little snippets of code that can be installed at any time, maybe even distributed from the network. It's really easy to distribute things such as

a) minimal apps written in QML only, loaded by a unique trusted application that is merely a "shell" for them. The MeeGo tablet does it for its default applications; in KDE we are doing it for desktop widgets of the Plasma workspace
b) plugins/addons for C++ applications; in this case too one would like some kind of sandboxing to not let an extension do dangerous things.

But as far as I understood, there is no way to have any protection. Well, there is regarding network access, because I can change the networkaccessmanager from C++, so even providing one that forbids any remote URLs, if I want.

However there is nothing for local files: I can always open absolute paths in elements such as Image and Loader and "import" any plugin installed system wide, a plugin that could be written in C++ and be potentially very dangerous (it is true that apps shouldn't install C++ plugins by themselves and not potentially dangerous things anyway, but what should happen and what will happen are two really different concepts ;))

This makes it actually impossible for any application that wants to load any kind of extensions written in QML to have any kind of sandboxing, not good at all for security.

A solution that sounds simple in practice (not sure how implementable) is something similar to the pluggable networkaccessmanager: being able to tap the resolution of path names and eventually change or forbid some. Anything about a security model would then have to be implemented by subclasses.

Of course it won't be possible to avoid passing absolute paths to custom C++ plugins, but it would be possible to do some checks when the import statement is performed (so not loading potentially troublesome C++ plugins) and in the stock base components.

How feasible does that seem? And is anything about sandboxing planned at all? (maybe for QML2?)

Cheers,
Marco Martin
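The path-resolution hook proposed in the post, sketched as an added example in plain C++ (not code from the post and not Qt API). `PathPolicy`, `normalize` and `resolve` are hypothetical names, and the package directory is a constructed sample value.

```cpp
#include <cstddef>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical policy object a host "shell" would consult before it lets a
// QML element (Image, Loader, import) open a local path for an extension.
struct PathPolicy {
    std::string root;  // absolute directory the extension was installed into

    // Collapse "." and ".." segments of an absolute POSIX path, lexically.
    // Symlinks are not followed; a real hook must also canonicalize on disk.
    static std::string normalize(const std::string& path) {
        std::vector<std::string> parts;
        std::stringstream ss(path);
        std::string seg;
        while (std::getline(ss, seg, '/')) {
            if (seg.empty() || seg == ".") continue;
            if (seg == "..") { if (!parts.empty()) parts.pop_back(); continue; }
            parts.push_back(seg);
        }
        std::string out;
        for (const std::string& p : parts) out += "/" + p;
        return out.empty() ? "/" : out;
    }

    // Returns the normalized path when the request stays inside root,
    // or an empty string when it must be refused.
    std::string resolve(const std::string& baseDir, std::string requested) const {
        const std::size_t colon = requested.find(':');
        const std::size_t slash = requested.find('/');
        if (colon != std::string::npos &&
            (slash == std::string::npos || colon < slash)) {
            // A URL scheme: only file:// is a local path, everything else
            // belongs to the network policy and is refused here.
            if (requested.compare(0, 7, "file://") != 0) return "";
            requested.erase(0, 7);
        }
        const bool absolute = !requested.empty() && requested[0] == '/';
        const std::string norm = normalize(absolute ? requested : baseDir + "/" + requested);
        const std::string r = normalize(root);
        // Require a segment boundary so "/ext/clock-evil" never matches "/ext/clock".
        const bool inside = r == "/" || norm == r ||
            (norm.size() > r.size() && norm.compare(0, r.size(), r) == 0 &&
             norm[r.size()] == '/');
        return inside ? norm : "";
    }
};
```

A host would call `resolve` with the directory of the QML file making the request and load the resource only when the result is non-empty.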
