From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Lars Magne Ingebrigtsen Newsgroups: gmane.emacs.devel Subject: Re: Emacs RPC Date: Mon, 25 Apr 2011 03:26:46 +0200 Organization: Programmerer Ingebrigtsen Message-ID: References: <874o5ny2cw.fsf@stupidchicken.com> <87pqobgm6y.fsf@lifelogs.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1303694831 25006 80.91.229.12 (25 Apr 2011 01:27:11 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Mon, 25 Apr 2011 01:27:11 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Apr 25 03:27:07 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1QEAZu-00029d-06 for ged-emacs-devel@m.gmane.org; Mon, 25 Apr 2011 03:27:06 +0200 Original-Received: from localhost ([::1]:37875 helo=lists2.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QEAZt-0002tR-Dq for ged-emacs-devel@m.gmane.org; Sun, 24 Apr 2011 21:27:05 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:37727) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QEAZr-0002tB-3K for emacs-devel@gnu.org; Sun, 24 Apr 2011 21:27:03 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QEAZp-000256-Vc for emacs-devel@gnu.org; Sun, 24 Apr 2011 21:27:03 -0400 Original-Received: from lo.gmane.org ([80.91.229.12]:59691) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QEAZp-000250-Op for emacs-devel@gnu.org; Sun, 24 Apr 2011 21:27:01 -0400 Original-Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1QEAZo-00027s-AV for emacs-devel@gnu.org; Mon, 25 Apr 2011 03:27:00 +0200 Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 25 Apr 2011 03:27:00 +0200 Original-Received: from larsi by cm-84.215.51.58.getinternet.no with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 25 Apr 2011 03:27:00 +0200 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 15 Original-X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: cm-84.215.51.58.getinternet.no Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAMFBMVEX//NH62rVuCQe/AAHy s5LspoX+68HmgmvfZVcyGAn/9Mf+8MbFOT7rmHr/98wrEgZ75oFzAAABk0lEQVQ4jW3QL2vDQBgG 8PsEhTKo2PYR5mor25mpQjKzVYxCzFWvqnaNmFnpRGF64g4qI3IQGDUp1GZmFKozODG1QEf23r+k Se6V74/neY9DuZlsJyeezhKn3x+gAvKf2H/e9Pwm5G/xptvz503Ir7p2yO4B4vls79bg49IOr97E CtkFm6gbNXiMqE4kFVhGnI7Lqr6BI+b82wLZHbfDy/qAUNqEv4gjhPi4PK4gOxf7MuEYeJJ7pG9M i6pldLDC8YJLaBWQSMi+1L44bhJLrC7U4bejL+hX+QY+sWmqJa4LODnuKOAGzirAOD9ApsU5bQBX oBK+hAFUrbmalGkQ3+sChESuU3ICLgAjKVm3eEpSWgfVRMh7BW4YUVUkDTTAdQ1E7Ak5hRFASPRo mJuEBfamqgkjeFVIVIZWEwCM0ZA14JbBHrYkpNUqAFFVSyQAOGByKKsmhp6HsQDCvDrABBALCphJ 6EjxGPYeSkj2aNj2zBQwBQLoVGAHsF2tRtbEdrEwIB5VHocqFzltGGG4fK7493+w82uNYqrDMQAA AABJRU5ErkJggg== Mail-Copies-To: never X-Now-Playing: Men's _Credit Card Babies_: "Credit Card Babies (L.E.D. Version)" User-Agent: Gnus/5.110016 (No Gnus v0.16) Emacs/24.0.50 (gnu/linux) Cancel-Lock: sha1:/GuPdiAfzPKt+x987+q9r3FCr/g= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 80.91.229.12 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:138694 Archived-At: Ted Zlatanov writes: > Please, please implement this securely from the start. emacsclient is > terribly insecure and we don't need to repeat that. The network connection isn't encrypted, but how is emacsclient insecure otherwise? You have to pass the (shared) secret to the server to get it to do anything. In any case, it's rather an orthogonal issue. I see no reason why the in-Emacs RPC should be more secure than the command line RPC. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog http://lars.ingebrigtsen.no/