Security to Limit or Prevent Remote Execution of Commands

Page 1 of 1 (3 items)
This post has 2 Replies | 1 Follower

Posts 1367
JimTowler | Forum Activity | Posted: Thu, Jun 17 2010 2:14 PM | Locked

Now that the current 4.0d Betas can be commanded to take actions by the COM API and by Logos4 or Logosref linking protocols, I think we might need some controls to limit what actions work without prompting.

Most commands are harmless, but a request to reindex or maybe delete portions, could become a big deal.

Maybe its time for something like macro-security in MS Word? (Set Disabled, Low with Prompting, High with Prompting, etc)

To repeat, most things in the Logos application don't do or mean much of anything (in terms of risk), but its not true of all possible commands.

Posts 4077
Melissa Snyder | Forum Activity | Replied: Fri, Jun 18 2010 7:37 AM | Locked

Suggestion submitted for consideration.

Update:  The linking protocols (logos4, logosres, logosref, libronixdls) will never support any command that modifies or deletes user data. The COM API does not currently support any commands that modify or delete user data. If it ever does, it will simply be a matter of trusting the application that uses it.
If there are any specific existing security concerns, please let us know. Thanks.

Posts 1367
JimTowler | Forum Activity | Replied: Fri, Jun 18 2010 8:44 AM | Locked

Melissa Snyder:
... will never support any command that modifies or deletes user data.

Thanks Melissa.

I was unsure if it was possible to impact user-data with some form of the commands.

If it was possible to impact data, then some form of warning or control will be important.

I have no specific concern. It was more about if this was a problem about to leap and and start causing issues ...

Page 1 of 1 (3 items) | RSS