[texworks] SCRIPTING: Getting Take Aways (sending out) - TW.system() and \write18

Paul A Norman paul.a.norman at gmail.com
Fri Aug 5 01:15:54 CEST 2011


On 4 August 2011 23:49, Stefan Löffler <st.loeffler at gmail.com> wrote:
> Hi,
>
> On 2011-08-04 12:30, Paul A Norman wrote:
>> On 4 August 2011 06:10, Stefan Löffler <st.loeffler at gmail.com> wrote:
>>> -) I would add something about the dangers of allowing execution of
>>> system commands, that it shouldn't be done lightly, and that script
>>> authors should inform the users about the risks (and benefits) involved.
>>> Only if they do that security measures can really work (otherwise, the
>>> click on "run system command" is just one more click that everybody
>>> carries out to get the script XY to work).
>>
>> Haven't got time to absorb all the detail in your comments just right
>> now,  but on the following point for some reason I had in the back of
>> my mind as I wrote the introduction area, that there was going to be
>> something appropriate actually written directly into the preferences
>> dialogue box in TeXworks?
>
> No, there's no mention of it in the preferences dialog. It is mentioned
> in the manual of course, and we could add a tooltip to the option, but I
> don't see a way to add a general warning note that accurately describes
> the problem to the present list of options (without breaking/cluttering
> the layout).
>
> Anyway, I still think that this point should be emphasized again for
> script authors. They are the ones that have to decide whether to use
> this function, and if so, how to explain it in the documentation.
>
Dear Stefan,

Thanks for that. A script writer would only be using it because it was
necessary.

If your previous conjecture on the danger of the System function (and
Read and Write ets..) is correct, it is the end user who needs to make
the decision. If it is not deemed necessary to have a more explicit
warning for them in the Preferences then why must we have the whole
need to decide to turn it on at all? Why not just have it turned on by
default?

However as  you have strongly argued in the past it is a great danger
to the end user - then we should be truly warning them at the point
that they elect to turn it on. Not rely on their having found about it
in the manual, or on the script author telling them.

 -- if part of your original problem was that there was a great danger
of malicious scripts, -- is an imagined  malicious script author going
to advise Users of the perceived dangers of Read Write and System
commands?

Probably not.

Your present argument appears to  make a folly of the whole point you
had in pushing this stuff in in the past..

Paul

> Cheers,
> Stefan
>



More information about the texworks mailing list