[interfacekit] Re: App_server security

From: "Stefano"
To: "interfacekit"
> > After a conversation at the end of the last administrative meeting, I
> > was wondering something about the current decorator scheme which never
> > even dawned on me - security. Should we have addons in the app_server
> > at all aside from accelerants? If so, how "trusted" should the access
> > be? To be a little more specific, I mean that, for example, there is a
> > function which returns a pointer to the graphics driver. Should
> > decorators be allowed to access this pointer or should there be proxied
> > access to it, for fear of doing absolutely stupid things like calling
> > delete on it? Decorators at this point can't do something crazy like
> > delete all running apps or something, but I wondered if this kind of
> > thing is a legitimate concern. Thoughts?

    In principle Decorators should be trusted. But I think we should not
handle them sensible data.

>
>
> If you want my opinion on decorators (and I guess you want it, otherwise
you wouldn't have posted this message on the list :P), I'll tell you I don't
like them very much, at least in the way they are implemented now.
> Let me explain: I've nothing against skinning the UI, but I think it has
to be done OS-wide, I mean, not just for the window borders, but also for
controls and the likes. I.E: you select "Windows95 theme", and you get
windows borders which resembles windows95 ones, but also buttons which are
like that, etc. etc.
>

    Borders and controls do not come together. Borders are for app_server,
skinned controls are for libbe.so classes.

> I know you want to do at least what R5 does (we have three different
windows decors (BeOS, MacOS, Windows)), but IMHO it's not that useful, since
we'll want to change it in the future (I guess)).

    That may be possible because for R2's app_server we'll use OpenGL.
    ... It's not hard to make those decorators... so why not? :-)


Adi.

Other related posts: