Re: A small security feature proposition



A more constrained approach would probably be better.

gnome-script - Safer XML scripting 
 
Create a list of approved "external file" operations in the 
same vain as the gnome mime file type list. 

Each operation would have  
   a unique identifier,
   a list of "security area group" groups to grant/deny access,
   a script to check the parameters, 
   a shell/bonobo/file template to call the operation/access the file
   and an optional template with the returned filename.

Embed the operations in the gnome xml documents by having the
gnome-script in XML with its own name space. 

Non-destructive operations/files would have a "security area" of "any".

Grant/Deny embedded script access to other operations/files based on
having the required digital signature (see
http://www.w3.org/TR/xmldsig-core/) for the "security area group".

This way you could have active document scripting on a case by case
basis.

David Mohring - "Only you can prevent forest fires"




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]