[Adium-devl] Out of process plugins (was: Distant objects)
Colin Barrett
timber at lava.net
Tue May 8 06:34:16 UTC 2007
On May 4, 2007, at 5:37 AM, Joe Ranieri wrote:
> In terms of security, you *might* be that you could deny access to
> incoming connections based on bundle ID or something. So you could
> have a dialog saying that Process Xylophone wants to access Adium and
> that it could be a security problem (because the process would have
> access to all of the controllers and from that, passwords, etc).
I'm not sure why that'd be a security issue. We shouldn't store
passwords in memory, ever. That's what keychain is for. Plenty of
other apps provide an API other processes can interact with. It may be
that we don't want to expose certain functionality via DO for Adium,
but I can't really think of a whole lot.
If there is hostile code running on the system, the user is pretty
much hosed anyway. In most cases they were probably socially
engineered into installing it, and even if we require the user to
authenticate or allow things to connect to Adium, that same social
engineering trick works ("but I *want* to use Gator, why would I deny
them access to something it says it needs?").
I say do it, and force all plugins out of process. It'll be a win for
us in terms of forcing people not to use private APIs and keeping
plugins from crashing Adium. Although I can be convinced otherwise ;)
-Colin
More information about the devel
mailing list