[et-mgmt-tools] [PATCH 5/5] "Launch virt-viewer" (new) browser plugin.
Daniel P. Berrange
berrange at redhat.com
Fri Aug 15 08:56:58 UTC 2008
On Thu, Aug 14, 2008 at 05:07:09PM +0100, Richard W.M. Jones wrote:
> On Thu, Aug 14, 2008 at 03:15:19PM +0100, Daniel P. Berrange wrote:
> > Am I understanding this correctly, that it'll launch the virt-viewer
> > program immediately upon loading the HTML page containing the plugin
> > <embed> snippet ? If so that's a huge security problem - you are
> > spawning a program which is allowed to connect to any host on the
> > internet. It is also a denial-of-service - malicous javascript
> > could write a page containing thousands of <embed> snippets which
> > would spawn thousands of processes.
> >
> > I'd rather expect the plugin to have a small embedded area in the
> > HTML page showing the details of what host will be connected to,
> > what port, and then a button which has to be explicitly pressed
> > to launch the external viewer.
>
> Yes ... The trouble is if we do this, we end up needing to embed Gtk
> widgets in the browser, which takes us back to square one.
Yeah I guess that does really :-( I must be possible to get GTK reliably
embedded though because I use Totem for movie playback and its embeding
GTK ok
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the et-mgmt-tools
mailing list