• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Color Management for iPad?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Color Management for iPad?

  • Subject: Re: Color Management for iPad?
  • From: Graeme Gill <email@hidden>
  • Date: Tue, 09 Aug 2011 09:27:21 +1000
Tom Lianza wrote:
Hi,

> There are two distinct issues here.  On the server side, one assumes that
> the builder of the web page is responsible for content so security per se is
> not that much of an issue, except that the ICC profile allows for
> proprietary tags so by definition, there is a potential issue with unknown
> BINARY data and a potential for downstream corruption.

I don't really see this. Proprietary tags exist within the tag framework,
and can/will be ignored.

> On the client side,
> if you are going to execute a fully color managed workflow inside the
> application, the web application/browser, must interact with specific client
> generated data, this is a security no-no.  There are fairly well defined
> mechanisms for accepting specific client data (desktop physical extent, etc)
> that is absolutely necessary for the browser to run.  Opening and capturing
> an ICC profile is NOT one of those secure API's.

Sorry, I'm not really following you. There is no need for client
data like a source ICC profile to be taken within a secure context (kernel).
System services for such things can (should!) run as user mode.
It isn't that difficult to parse an ICC profile in secure manner
(ie. avoiding any possibility of buffer or integer overflow) if
the right approach is taken.

> different APIs for color management, so the code that was specifically
> designed to be non-OS specific suddenly becomes very specific. If you look
> into the WebKit code, you will see some of the specific issues.  It can be
> handled on a platform, by platform basis, but it is quite a bit of work.

That seems to be the story with color though, programmers are lazy about it.
They're lazy in understanding it, lazy in using API's that exist,
and lazy in standardising it. If all you are dealing with is RGB display systems,
and the hardware folks have made them (sort of) respond a bit like sRGB,
then it's tempting simply to ignore the whole thing (which seems what's
happened with iOS).

Graeme Gill.
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Colorsync-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Color Management for iPad? / securiry issues
      • From: Jan-Peter Homann <email@hidden>
References: 
 >Re: Color Management for iPad? (From: Tom Lianza <email@hidden>)

  • Prev by Date: Re: Colorsync-users Digest, Vol 8, Issue 175
  • Next by Date: Re: Color Management for iPad? / securiry issues
  • Previous by thread: Re: Color Management for iPad?
  • Next by thread: Re: Color Management for iPad? / securiry issues
  • Index(es):
    • Date
    • Thread