Re: [PATCH 5/5] "Launch virt-viewer" (new) browser plugin.

On Thu, Aug 14, 2008 at 03:15:19PM +0100, Daniel P. Berrange wrote:
> Am I understanding this correctly, that it'll launch the virt-viewer
> program immediately upon loading the HTML page containing the plugin
> <embed> snippet ?  If so that's a huge security problem - you are
> spawning a program which is allowed to connect to any host on the
> internet. It is also a denial-of-service - malicious javascript
> could write a page containing thousands of <embed> snippets which
> would spawn thousands of processes.
> 
> I'd rather expect the plugin to have a small embedded area in the
> HTML page showing the details of what host will be connected to,
> what port, and then a button which has to be explicitly pressed
> to launch the external viewer.

Yes ... The trouble is if we do this, we end up needing to embed Gtk
widgets in the browser, which takes us back to square one.

I'll raise this on #virt, see if we can talk through the issues again.

Rich.

-- 
Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top

_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
