At the very least, like the guy says on the page I linked to, clicking one "evil" widget could send a browser into permanent pr0n spazms. This would be very bad for office workers, …
Quote:
Originally Posted by chris v
At the very least, like the guy says on the page I linked to, clicking one "evil" widget could send a browser into permanent pr0n spazms. This…
This is really a regrettable, inexcusable vulnerability. I know OS X is a complex project, but you would think someone in management or QA would take charge and put 2+2 together be…
Just this morning I was thinking about this: would a widget that, for example, scans one's mails (using Spotlight... why not) for username/password combinations, and then occasiona…
I'm wondering why we all did not see this coming before. I don't mean to come off as an alarmist, but the type of scenario workerbee is describing is within the realm of possibilit…
At present I cannot side with those who see this as a security issue. Software executes code and it can do things for the benefit of the user running it or it can do destructive th…
Quote:
Originally Posted by workerbee
Just this morning I was thinking about this: would a widget that, for example, scans one's mails (using Spotlight... why not) for username/…
As an addendum to my previous post, I will go so far as to say Safari's definition of "safe" files should exclude widgets or any other executable code -- I have no problem with tha…
Quote:
Originally Posted by Jeff Mincey
At present I cannot side with those who see this as a security issue. Software executes code and it can do things for the benefit of the …
Quote:
Originally Posted by Jeff Mincey
At present I cannot side with those who see this as a security issue.
(snip)
But that's not what is happening here and thus I see peo…
User interaction to invoke the widget once installed is worth zero. 99% of Windows Outlook worms require the user to open the messages, which often have subjects like "I AM A V1RUS…
Just curious:
Widgets are, on their most basic level, CSS/XHTML/Javascript. As long as the dashboard app only runs widgets that have that criteria, it seems like it's not as big …
Quote:
Originally Posted by wtmcgee
To me, it doesn't seem like it's as big a deal as some are making it out to be.
Yes it is, however, from what I have read, fixing it see…
Quote:
Originally Posted by wtmcgee
Just curious:
Widgets are, on their most basic level, CSS/XHTML/Javascript. As long as the dashboard app only runs widgets that have that c…
Here's what else they could do, and it's far worse than either openURL or openApplication:
Quote:
Originally Posted by Apple Developer Documentation
system
Executes a command-…
Quote:
Originally Posted by CharlesS
This is almost the exact same thing as on Windows IE when you browse to a site and it decides it will install some custom toolbar or other s…
Quote:
Originally Posted by Person Man
Well, not exactly. It's not a "bitch to get rid of" a widget...
It is if you're a novice user and don't know about ~/Library/Widgets.
…
Quote:
Originally Posted by CharlesS
Here's what else they could do, and it's far worse than either openURL or openApplication:
So all a widget needs to do is widget.system("r…
Quote:
Originally Posted by misc
Doesn't running system commands require the "Are you sure?" agreed to? And what stops the widget from not displaying this and/or automatically a…
Quote:
Originally Posted by CharlesS
1. It's already been shown that a site can make a widget look just like one of the default Apple ones.
2. If a user isn't intimately famili…
Quote:
Originally Posted by misc
Right, I understand that. But by doing a 'rm -fr' command from within a widget, Dashboard will raise the red flag and say "You sure?"
Right?
…
Nope! Your " Calculator" widget did not ask me for any kind of confirmation at all. It just ran, said its nasty little message, and displayed "EVIL" on the screen.
From the looks …
How efficiently would an SQLite database run on 10.4?
The purpose would be to create an accounting program, with many sophisticated features, most of which would be dealing with in…
The number of records and whether you wanted to have network abilities would be the deciding factors in making the SQLite/PostgreSQL decision. The latter is going to be for network…