Sorry I didn't follow up on this, but I've abandoned the HTTP approach in favor of an NPAPI plugin.
I'm doing a bit of a writeup of it soon. The amount of information spread between GitHub/Wiki/ML is a bit too much for me to clean up, and I'm trying to get to a point where I have a canonical place to announce new information. Sorry for the wait. On Wed, Jul 6, 2011 at 3:01 PM, Maciej Marcin Piechotka <uzytkown...@gmail.com> wrote: > On Wed, 2011-06-22 at 15:39 -0400, Jasper St. Pierre wrote: >> >> > 2. Multiple users or sessions on the same machine >> > Only the first session can use it. >> >> My idea was that log-out would stop the HTTP daemon for that session >> and open one for the current user. Unless there's a special case (I >> didn't think of virt) where two users can be securely both actively >> having GNOME sessions at the same time, I don't think this is a >> problem. > > I don't know the exact details but what come to my mind > > - multiple seats setups would have multiple session running > - If user A is working and (s)he left computer by clicking 'switch > user' the programs should continue to run in the background as if > nothing happened. However user B can log into at the same time. I belive > that after user switch the illusion of continuity is preserved (i.e. > windows can be opened/closed, d-bus works) so it would be surprising to > disallow contacting HTTP daemon > >> The only security issue I can think of that arises out of >> this compromise is that a user could ssh in to the same machine and >> frob the HTTP server to... install, enable/disable and list extensions >> from the official GNOME3 site. > > Which may prove to be a vector of attack if computer is shared and the > exploit is discovered and not yet marked as such on site. > > Regards > > _______________________________________________ > gnome-shell-list mailing list > gnome-shell-list@gnome.org > http://mail.gnome.org/mailman/listinfo/gnome-shell-list > > -- Jasper _______________________________________________ gnome-shell-list mailing list gnome-shell-list@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-shell-list
