On Thu, May 19, 2011 at 8:03 PM, David McPaul <dlmcpaul@xxxxxxxxx> wrote: > How is this different to what was there before? > Previously, only a name was given, which the app_server loaded from a fixed location, namely the decorator add-ons folder. The interface now lets you give it a path to any arbitrary location on disk, which is more or less asking for malware, since that opens the door for a downloaded app to ask the app_server to load it as an add-on and then consequently execute malicious code with OS-level privileges (previously such a scenario wouldn't have been possible unless the user went out of their way to save the executable in question in the decorator add-on dir). While not strictly an issue right now since that's the same privilege level the single user of the sys has anyways, once we go multiuser that kind of vector is unacceptable security-wise. Regards, Rene