ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

DonationCoder.com Software > Find And Run Robot

Urgent security notice for all FARR plugin writers

<< < (2/3) > >>

electronixtar:
I could add a FARR feature to help plugins figure out where to store data,
but let me clarify a little what this security hole is all about for people reading this and nervous.

There is a FARR plugin called "Google Calendar Quick Add", and with this plugin you have to configure your login info.

Sri decided to make a package of his pre-configured aliases and plugins and upload them for others.  He made a slight mistake and included the options file for this plugin, which has his gmail login info in it.

So this is not something any normal FARR user needs to be concerned with -- but it is a reminder for plugin writers and others who might zip up and share their FARR plugin configuration directories, to make sure you dont upload any configuration files that might have sensitive data inside them.

Like I said, I could add a feature into FARR which a plugin could call to get a MyDocuments folder suitable for storing options files, so that they arent in the normal FARR directories, but then again it would be just as easy for a plugin to do that.
-mouser (May 27, 2008, 02:14 AM)
--- End quote ---

Centralized storage would be cool.

ps another question: If 3 plugin use 3 FScript.dll, then there's 3 copy of FScript.dll in memory?

mouser:
ps another question: If 3 plugin use 3 FScript.dll, then there's 3 copy of FScript.dll in memory?
--- End quote ---

i believe that is right.. until and unless ecaradec (the brilliant fscript author) decides to make a multi-script fscript version.  that's probably best discussed on the fscript thread though.

rjbull:
double check every plugin folder  for "options.xml"
[...]

One of the DC member already made a terrible mistake. I can't image how many ppl have donwloaded that plugin package.
-electronixtar (May 27, 2008, 01:29 AM)
--- End quote ---

I was one of them.  I've now found and deleted all "options.xml" files in my FARR subdirectories; there were only two, both sri-related.  As an afterthought, I emptied the Recycle Bin as well.  Hope that leaves me returned to a state of innocence?

f0dder:
ps another question: If 3 plugin use 3 FScript.dll, then there's 3 copy of FScript.dll in memory?
--- End quote ---

i believe that is right.. until and unless ecaradec (the brilliant fscript author) decides to make a multi-script fscript version.  that's probably best discussed on the fscript thread though.
-mouser (May 27, 2008, 03:04 AM)
--- End quote ---
Should only have one instance of script.dll in memory, unless one of the plugins decide to create a new process that then in turn uses fscript.dll. And even then, windows does copy-on-write sharing of DLLs system-wide.

Perry Mowbray:
Centralized storage would be cool.
-electronixtar (May 27, 2008, 02:20 AM)
--- End quote ---

Let me clarify, often people like their passwords encrypted, and I wondered if many plug-ins were needing log-ins and passwords then if FARR handled that and the encryption then it's centralized and carries the FARR seal of quality.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version