Re: New Spotlight Info
Re: New Spotlight Info
- Subject: Re: New Spotlight Info
- From: j o a r <email@hidden>
- Date: Tue, 9 Nov 2004 22:12:13 +0100
On 2004-11-09, at 21.32, Shaun Wexler wrote:
So I can post an evil application which, when visible to the Finder,
will be scanned and have its malicious MD plug-in loaded and executed
(because its Resources also contain a file of the type handled by the
plug-in), all without requiring the user to actually launch the
offending app? Cool. That removes all user intervention from our
obstacles. Now all I need to do is post a misleading URL link...
That's basically how the applications themselves work. It was just
recently that a check for first launch of an app to handle a document /
protocol was implemented. Why not simply do the same thing for
importers? That should at least bring them to the same level of
security as is provided by the OS for unknown applications, or am I
wrong?
Security is of course an important consideration, but I'm not sure that
it's worthwhile to hash out the details on this list. I take for
granted that it's something being actively considered by the team
implementing this at Apple. Should they screw up, there's always
10.4.1...
j o a r
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden