On Thu, Aug 14, 2008 at 05:07:09PM +0100, Richard W.M. Jones wrote: > On Thu, Aug 14, 2008 at 03:15:19PM +0100, Daniel P. Berrange wrote: > > Am I understanding this correctly, that it'll launch the virt-viewer > > program immediately upon loading the HTML page containing the plugin > > <embed> snippet ? If so that's a huge security problem - you are > > spawning a program which is allowed to connect to any host on the > > internet. It is also a denial-of-service - malicous javascript > > could write a page containing thousands of <embed> snippets which > > would spawn thousands of processes. > > > > I'd rather expect the plugin to have a small embedded area in the > > HTML page showing the details of what host will be connected to, > > what port, and then a button which has to be explicitly pressed > > to launch the external viewer. > > Yes ... The trouble is if we do this, we end up needing to embed Gtk > widgets in the browser, which takes us back to square one. Yeah I guess that does really :-( I must be possible to get GTK reliably embedded though because I use Totem for movie playback and its embeding GTK ok Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| _______________________________________________ et-mgmt-tools mailing list et-mgmt-tools@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/et-mgmt-tools
