| www.delorie.com/archives/browse.cgi | search |
| X-Authentication-Warning: | delorie.com: mail set sender to geda-user-bounces using -f |
| X-Authentication-Warning: | envy.delorie.com: dj set sender to dj AT delorie DOT com using -f |
| From: | DJ Delorie <dj AT delorie DOT com> |
| To: | geda-user AT delorie DOT com |
| Subject: | Re: [geda-user] gedasymbols.org and EDAKrill - need your opinion |
| In-Reply-To: | <CAHUm0tMdCrqp3N5rS0eCVAHjUbLWZXesgDjiuyc5iQko689Ebg@mail.gmail.com> (geda-user@delorie.com) |
| Date: | Thu, 30 Mar 2017 02:54:32 -0400 |
| Message-ID: | <xn8tnn5k5z.fsf@envy.delorie.com> |
| MIME-Version: | 1.0 |
| Reply-To: | geda-user AT delorie DOT com |
| Errors-To: | nobody AT delorie DOT com |
| X-Mailing-List: | geda-user AT delorie DOT com |
| X-Unsubscribes-To: | listserv AT delorie DOT com |
In the gedasymbols case, uploaded scripts are stored in a location where the server won't run them. The scripts that run the server are in a location where only admins can upload. Nothing can stop a user from downloading a script and running it without looking at what it does first. We, in general, only have to stop users from uploading scripts that the *server* runs.
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |