[tex-live] movie15 and media9

Reinhard Kotucha reinhard.kotucha at web.de
Tue Mar 20 02:16:11 CET 2012


On 2012-03-20 at 01:29:45 +0100, Zdenek Wagner wrote:

 > > Adding a scripting language is always critical in respect of
 > > security.  But hyperlinks are dangerous too, they simply postpone
 > > the problem to the web browser, which probably executes JS
 > > code...
 > >
 > If I understand JS security, there is a big difference. If JS runs
 > in a web browser, it can only connect to the server which provided
 > the web page and the script cannot read arbitrary local files. If
 > the script runs in AR within a file saved in your computer, it can
 > connect to any server and has full access to your disk. It can read
 > any file and send it to any server.

A hyperlink in a PDF file can connect *any* server.  JS in AR not
involved at all.

Regards,
  Reinhard

-- 
----------------------------------------------------------------------------
Reinhard Kotucha                                      Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover                              mailto:reinhard.kotucha at web.de
----------------------------------------------------------------------------
Microsoft isn't the answer. Microsoft is the question, and the answer is NO.
----------------------------------------------------------------------------



More information about the tex-live mailing list