On 11/13/06, Erik Moeller erik@wikimedia.org wrote:
If security is a major issue, might it be feasible to maintain a whitelist of certificates (to allow applets from trusted authority to be uploaded directly), and to flag all other applets as "non-embeddable" until a sysop flips a switch, so they can be reviewed for security? We could add a big fat warning on the file description page.
It makes more sense to me to use the system we use for JavaScript, i.e., only sysops can add it to begin with. Allowing applets from trusted authorities is an interesting idea, but what does "trusted" mean? Trusted to not take up too many CPU cycles, to avoid playing sound unless the user permits it explicitly, to not include material that would be vulgar and thus attractive to vandals?
I definitely don't think anything whatsoever should be available to non-sysops at all unless uploaded by a sysop, no matter how large the warning message. People are *way* too used to ignoring warning messages.