Re: strings in gnumeric / awk / etc.
- From: "Andreas J. Guelzow" <aguelzow math concordia ab ca>
- To: gnumeric-list gnome org
- Subject: Re: strings in gnumeric / awk / etc.
- Date: Tue, 16 Jan 2007 14:17:51 -0700
On Tue, 2007-16-01 at 21:50 +0200, Uri David Akavia wrote:
On 1/16/07, Leonard Mada <discoleo gmx net> wrote:
gawk has many advantages and I may point another two:
- it is easy and simple, and very very fast (both to write and execute -
even on huge datasets)
- the code is structured and visible, so it is easy to understand what
it does (this is NOT always the case when you write complex formulas in
the spreadsheet)
I hope these are enough reasons to implement a simple menu-entry in
gnumeric that runs awk/gawk scripts.
I hope they aren't.
While these are good reasons, they don't seem good enough. Currently, I haven't
heard of a proposed method that would actually have some security limitations.
In order to keep security, you would need to write a gawk plugin for
Gnumeric, that can run a limited version of gawk. Otherwise, you're
running arbitrary scripts, without any limitations. While this might
be convenient for you, I don't see an argument that it would be good
in general.
I hope that the developers implement this the RIGHT way, if they
implement something like this at all.
I am not sure about your computer but on mine I can open a terminal
window and run lots of different programs, most of them able to demolish
my home directory and other things. I like it that way.
As a user I am entitled to be able to demolish my stuff.
Now if we were talking about macros that can run automatically, or
function that can be recalculated automatically, I would worry about
security implications.
But a plugin that allows us to feed some portion of a sheet to an
external command and insert the output somewhere else would be under
control of the user. So if the user chooses to use dangerous scripts,
s/he is entitled to do that. We don't prohibit overwriting of files from
within Gnumeric since the user has to approve those actions. Similarly
we should let them run anything they like as long as they have to invoke
it manually.
Andreas
--
Andreas J. Guelzow, Professor
Dept. of Mathematical & Computing Sciences
Concordia University College of Alberta
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]