[Adium-devl] Out of process plugins (was: Distant objects)

Ofri Wolfus ofri.wolfus at gmail.com
Fri May 4 13:07:52 UTC 2007


So instead of sharing AIAdium, share a proxy to it, and before the  
proxy will forward any messages to AIAdium, the other side must  
authenticate with it using whatever mechanism we decide. In practice,  
the other side sees a "locked" AIAdium that is "unlocked" only once  
you authenticate with it. Attempts to message the proxy before  
authenticating will just be denied and/or reported/logged to the  
user. This way there's no need to bother the user with trusted  
processes attempting to connect, and only untrusted attempts will be  
reported.

- Ofri

- - - - - - - - - - - - - - - - - - -
http://www.dpompa.com
- - - - - - - - - - - - - - - - - - -


On 04/05/2007, at 15:37, Joe Ranieri wrote:

>>> Not exactly what I had in mind, hehe. I was thinking more of an
>>> iChatAgent style daemon (which I've dubbed DaemonDuck :-P). I've
>>> started at refactoring out stuff to do this but it'll take a  
>>> while...
>>>
>> So, you mentioned when posting about the plugin / hack to get Mail
>> to use Adium presence information that this could be done more
>> cleanly with Adium allowing out-of-process access as you suggest
>> here.  Was that with the idea of a 'daemon' in mind, or something
>> else?
>
> It could be done without it; I just thought that having a daemon was
> the route Adium was going anyways. The small patch I mentioned
> earlier would make out-of-process access doable - it's just exposing
> the shared AIAdium instance to the rest of the apps on the computer.
>
> In terms of security, it *might* be that you could deny access to
> incoming connections based on bundle ID or something. So you could
> have a dialog saying that Process Xylophone wants to access Adium and
> that it could be a security problem (because the process would have
> access to all of the controllers and from that, passwords, etc).
>
> NSConnection has two delegate methods -
> authenticateComponents:withData: and authenticationDataForComponents:
> - but it seems they're only for ensuring the integrity of the data
> and not seeing if the connection should be allowed... There's the
> NSConnection object that has a sendPort property (NSPort, but for
> this it's a NSMachPort) and I don't see a way to go from an
> NSMachPort / mach_port_t to a pid_t... So I'm not sure if denying
> based on some criteria is possible.
>
> -- Joe Ranieri
>
> _______________________________________________
> Adium-devl mailing list
> Adium-devl at adiumx.com
> http://adiumx.com/mailman/listinfo/adium-devl_adiumx.com
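
The "locked" proxy described at the top of this message, sketched as an added example that is not part of the original post or of Adium's code. AILockedProxy, -unlockWithToken: and the shared-secret check are assumptions standing in for "whatever mechanism we decide"; the NSString target is a constructed stand-in for the shared AIAdium instance. Build with ARC.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical names: AILockedProxy and -unlockWithToken: are not Adium API.
@interface AILockedProxy : NSProxy {
    id target;         // real object, e.g. the shared AIAdium instance
    NSData *expected;  // assumed mechanism: a shared secret
    BOOL unlocked;
}
- (id)initWithTarget:(id)aTarget token:(NSData *)token;
- (BOOL)unlockWithToken:(NSData *)token;
@end

@implementation AILockedProxy
- (id)initWithTarget:(id)aTarget token:(NSData *)token {
    target = aTarget;  // NSProxy has no -init to call
    expected = [token copy];
    return self;
}
- (BOOL)unlockWithToken:(NSData *)token {
    if ([token length] != [expected length]) return NO;
    const uint8_t *a = [token bytes], *b = [expected bytes];
    uint8_t diff = 0;  // compare without an early exit on mismatch
    for (NSUInteger i = 0; i < [expected length]; i++) diff |= a[i] ^ b[i];
    if (diff == 0) unlocked = YES;
    return diff == 0;
}
- (NSMethodSignature *)methodSignatureForSelector:(SEL)sel {
    return [target methodSignatureForSelector:sel];
}
- (void)forwardInvocation:(NSInvocation *)inv {
    if (!unlocked) {  // deny and log, as described in the message
        NSLog(@"denied %@ before authentication", NSStringFromSelector([inv selector]));
        [NSException raise:NSGenericException format:@"proxy is locked"];
    }
    [inv invokeWithTarget:target];
}
@end

int main(void) {
    @autoreleasepool {
        NSData *secret = [@"constructed-demo-secret" dataUsingEncoding:NSUTF8StringEncoding];
        id gate = [[AILockedProxy alloc] initWithTarget:@"stand-in for AIAdium" token:secret];
        @try { [gate length]; }
        @catch (NSException *e) { NSLog(@"caught: %@", [e reason]); }
        [gate unlockWithToken:secret];
        NSLog(@"length after unlock: %lu", (unsigned long)[gate length]);
    }
    return 0;
}
```

The unlocked flag lives on the proxy object, so if a single instance is shared by every client, one successful unlock opens it for all of them; keeping that state per connection is left out of this sketch.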
