<br><br><div class="gmail_quote">On Tue, Sep 18, 2012 at 12:12 PM, Rémi Denis-Courmont <span dir="ltr"><<a href="mailto:remi@remlab.net" target="_blank">remi@remlab.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Le mardi 18 septembre 2012 19:02:40, Shane Phelan a écrit :<br>
<div class="im">> Are there changes that could be made that would satisfy the security<br>
> concerns?<br>
<br>
</div>Everything is possible if someone cares to write the code.<br>
<div class="im"><br>
> I'm want to explore creating UI so that the user has to select the file<br>
> path themselves where the plugin could write the file. It would also<br>
> disallowed the file record via playlist options and if it's possible set<br>
> the libvlc_media_option_trusted only at runtime when a record button was<br>
> pressed so that someone couldn't run rogue javascript without the user<br>
> knowing?<br>
<br>
</div>Telling the user that his/her computer might be hacked is not acceptable.<br>
The computer shall not be hacked and that is all.<br></blockquote><div><br></div><div>Every time you use a web browser out on the internet your computer "might" be hacked, so I think that is a bit unfair. I don't disagree with what I assume your intent is that VLC can't be released with known security vulnerabilities. I'm simply trying to understand the scope of the issue. J-B's response was that the problem is that windows dlls can be overwritten. If the user has to select the path through the plugin itself and not javascript then it should be possible to make that a non-issue. What other issues have to be solved then? </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Rémi Denis-Courmont<br>
<a href="http://www.remlab.net/" target="_blank">http://www.remlab.net/</a><br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
vlc-devel mailing list<br>
To unsubscribe or modify your subscription options:<br>
<a href="http://mailman.videolan.org/listinfo/vlc-devel" target="_blank">http://mailman.videolan.org/listinfo/vlc-devel</a><br>
</div></div></blockquote></div><br>