Summary: | [EditorMgmt] Security hazard with .bat/.exe/script files in Eclipse projects | ||
---|---|---|---|
Product: | [Eclipse Project] Platform | Reporter: | Oyvind Harboe <oyvind.harboe> |
Component: | UI | Assignee: | Platform UI Triaged <platform-ui-triaged> |
Status: | NEW --- | QA Contact: | |
Severity: | normal | ||
Priority: | P3 | CC: | Michael.Valenta |
Version: | 3.2 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Windows 2000 | ||
Whiteboard: |
Description
Oyvind Harboe
2005-11-03 06:54:12 EST
So, the problem is that windows will run a bat file without prompting the user to warn them that it may contain malicious code. In a way, this makes sense since windows doesn't know that the bat file came from another machine. You're suggesting that, because Eclipse knowns the bat file came from CVS (or any repository for that matter), it should warn the user before using a system editor on the file. Moving to UI since they handle editor opening. (In reply to comment #1) > So, the problem is that windows will run a bat file without prompting the user > to warn them that it may contain malicious code. In a way, this makes sense > since windows doesn't know that the bat file came from another machine. You're > suggesting that, because Eclipse knowns the bat file came from CVS (or any > repository for that matter), it should warn the user before using a system > editor on the file. Moving to UI since they handle editor opening. I guess it is impossible for Eclipse to know which of the System editors that are unsafe and therefore the system editor should never be opened "accidentally". E.g. clicking "Next" in the Search view should not invoke the system editor. Moving Dougs bugs Remy is now responsible for watching the [EditorMgmt] component area. This bug hasn't had any activity in quite some time. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. If you have further information on the current state of the bug, please add it. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant. |