On Mon, Jan 31, 2022 at 09:22:52PM +0100, Tomas Härdin wrote:
[...]
> It strikes me that this borders on incorporating business logic within
> lavf. A user could achieve the same thing with a small shell script.
> For example adding an alias that inspects calls to ffmpeg and sed:s
> ipfs:// URLs accordingly

That sounds like a security nightmare
the ffmpeg command line is complex, there are filters, strings for thinsg like
drawtext, there is metadata possibly and links can occur at different places
some of this may be controlled by a user (= attacker)
seperating the actual links out to modify them and just them is no easy feat

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

There will always be a question for which you do not know the correct answer.

Attachment: signature.asc
Description: PGP signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to