[wp-hackers] Comment client for WordPress
Jared Bangs
jared at pacific22.com
Wed Apr 16 02:43:17 GMT 2008
On Tue, Apr 15, 2008 at 7:09 PM, Alex Hempton-Smith <
hempsworth at googlemail.com> wrote:
> Would that also make the AIR app safe to use even if the author isn't
> necessarily trusted?
> I'm not sure what protection the main AIR application offers from rouge
> AIR
> apps, anybody know?
>
I'm not sure what degree of "sandboxing" etc. that AIR provides, in terms of
preventing malicious authors from doing nasty things to your computer, but
if you're worried about that you could run it in a VM, etc.
You'd still have the risk of people running an app like this against their
"real" blogs, and trusting their login credentials to be kept private and
only used for the stated purpose of the app. You could always just run it
against a local (non-publicly-accessible) blog for testing purposes, but
assuming the testing is successful, do you then start using it on your real
blog?
Of course, you could then further attempt to secure yourself by analyzing
the network traffic that it's generating, making sure that it's not phoning
home or embedding your personal info somewhere on your blog that the author
could then later retrieve, etc. etc. It's all a matter of how paranoid /
security concious you are, I guess.
- Jared
More information about the wp-hackers
mailing list