[Adium-devl] Exposed preferences via AppleScript
Peter Hosey
boredzo at gmail.com
Thu Aug 16 14:08:28 UTC 2007
On Aug 16, 2007, at 03:36:46, Colin Barrett wrote:
> Definitely don't think we should allow account creation and
> deletion via AppleScript. That seems a bit dangerous.
Mitigations:
1. Only allow these if Adium is active. If you don't activate Adium,
you can't create or delete accounts from Adium.
2. When a script tries to do that, it presents a dialog box. Adium
doesn't reply to the event until the dialog box is answered. If the
request is refused by the user, Adium returns userCanceledErr.
> Allowing a script to pull your password out to plaintext also seems
> dangerous as well.
Fully agreed.
More information about the devel
mailing list