emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network security manager

From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 18:57:15 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux) 
Ted Zlatanov <address@hidden> writes:

> LMI> What are the security implications of inserting an image from a source
> LMI> we can't validate?
>
> Malicious binary payloads in images are quite common.  There are also
> attacks/exploits/hacks that load Javascript from images.

I really hope we don't have any exploitable bugs in the image handling
code.  

> Regardless, you'd be lowering the security level of the data exchange.

I don't think we care...

> LMI> 99% of the images aren't over TLS, anyway, and aren't validated...
>
> OK, but that's not relevant to the above :)

Sure it it.  >"?

> OK with me, that's a good solution for this particular case.  But there
> will be others where you can't see the things that went wrong in the
> background.  I suggested a modeline indicator previously... it's better
> than silent failure, right?

Well...  No, annoying the user with things the user doesn't care about
is worse than silent failure.  >"?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
reply via email to
[Prev in Thread] Current Thread [Next in Thread]