v0.9.9: Safety or inapplicability?

All you've ever wanted to know about the ActiveX, Mozilla plugins, the web interface and various PHP extensions
Anatoly_B
Blank Cone
Posts: 14
Joined: 20 Aug 2008 03:30

Postby Anatoly_B » 21 Apr 2009 22:58

Code:

main input: unsafe option "ffmpeg-pp-q" has been ignored for security reasons
main input: unsafe option "ffmpeg-skiploopfilter" has been ignored for security reasons
main input: unsafe option "verbose" has been ignored for security reasons
main input: unsafe option "udp-caching" has been ignored for security reasons
main input: unsafe option "http-caching" has been ignored for security reasons
main input: unsafe option "vout-filter" has been ignored for security reasons
main input: unsafe option "deinterlace-mode" has been ignored for security reasons
:shock: :cry: :evil: :evil: :evil:
Now I have to recommend the older version 0.9.8 to users.
If this "innovation" continues in future versions, I will be forced to give up using the VLC Plugin ...
- VLC Plugin 0.9.9 cannot properly play TV-streams, as they are deinterlaced...
If someone wants to solve security problems, this can be done without destroying much of the functionality.

P.S. All the latest versions in NIGHTLIES (0.9.10, 1.0.0) have this problem... :x :cry:

thannoy
Big Cone-huna
Posts: 601
Joined: 20 Mar 2008 09:44
VLC version: 0.9.8a & 1.0-git
Operating System: GNU/Linux Fedora10
Location: France

Re: v0.9.9: Safety or inapplicability?

Postby thannoy » 27 Apr 2009 14:26

Unfortunately, vout-filter is prone to security vulnerabilities and is required for now (I think) if you want to deinterlace. The other options seem safe enough to be allowed; there are fresh patches pending for them on the devel mailing list.

I and mostly a workmate of mine (Cyril Mathé aka cmathe) will probably have a look at this issue in the following weeks to propose a JS call to allow safe vout filter addition such as deinterlace. It will not be ok for the upcoming 1.0 release (soon), so maybe for 1.1 (this summer), or before that if you want to try nightly builds.

Regards.

Anatoly_B
Blank Cone
Posts: 14
Joined: 20 Aug 2008 03:30

Re: v0.9.9: Safety or inapplicability?

Postby Anatoly_B » 01 May 2009 02:32

:) Thank you! I hope that a resolution of this problem (perhaps partial or temporary) will not be too far off.

In my opinion, the following solution would be quite acceptable:
- In the future, I would like to see the security settings for the plugins in a configuration file.
- Access to video files on the local computer (for reading and for writing) needs to be restricted to the folder specified in this configuration file (by default, no folder should be set and access to local files should be blocked).
- If there are doubts about the safety of vout-filter, unsafe values could be blocked.
- It is also necessary to block streaming-out from the web page (by default), not only for confidentiality reasons, but to prevent the use of the plugin for DDoS...
This way, it would be sufficient to ensure confidentiality/security.
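
An added example, not part of the thread and not VLC's code: one way to "block unsafe values" as the post above proposes, using a default-deny table of option names and the values accepted for each. The table contents, the function name option_allowed and the treatment of the value as a ':'-separated list are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical policy, not VLC's: the options an untrusted page may set
 * and the only values accepted for each. Everything else is ignored. */
struct rule { const char *name; const char *const *values; };
static const char *const deint_modes[]  = { "blend", "bob", "linear", NULL };
static const char *const vout_filters[] = { "deinterlace", NULL };
static const struct rule policy[] = {
    { "deinterlace-mode", deint_modes }, { "vout-filter", vout_filters }, { NULL, NULL }
};

/* 1 if the token s[0..len) is exactly one of the allowed values. */
static int value_ok(const char *const *allowed, const char *s, size_t len)
{
    for (; *allowed; allowed++)
        if (strlen(*allowed) == len && memcmp(*allowed, s, len) == 0)
            return 1;
    return 0;
}

/* 1 = apply "name=value" (leading ':' optional), 0 = ignore. The value is
 * assumed to be a ':'-separated list; every element must be allowed. */
int option_allowed(const char *opt)
{
    if (*opt == ':') opt++;
    const char *eq = strchr(opt, '=');
    if (!eq) return 0;                      /* bare flags are refused */
    size_t nlen = (size_t)(eq - opt);
    for (const struct rule *r = policy; r->name; r++) {
        if (strlen(r->name) != nlen || memcmp(r->name, opt, nlen)) continue;
        for (const char *v = eq + 1;;) {
            size_t len = strcspn(v, ":");
            if (!value_ok(r->values, v, len)) return 0;
            if (v[len] == '\0') return 1;
            v += len + 1;
        }
    }
    return 0;                               /* unknown option: default deny */
}

int main(void)
{
    const char *s[] = { ":deinterlace-mode=bob", "vout-filter=deinterlace:other" };
    for (int i = 0; i < 2; i++)
        printf("%s -> %s\n", s[i], option_allowed(s[i]) ? "applied" : "ignored");
    return 0;
}
```

Matching the name by exact length keeps a longer option that merely starts with an allowed name from slipping through, and an empty or trailing list element is refused along with the whole option.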

Yaffle
New Cone
Posts: 8
Joined: 03 Apr 2009 22:55

Re: v0.9.9: Safety or inapplicability?

Postby Yaffle » 04 Jul 2009 15:06

Code:

main input unsafe option "access-filter" has been ignored for security reasons
main input unsafe option "timeshift-granularity" has been ignored for security reasons
main input unsafe option "timeshift-force" has been ignored for security reasons
Unfortunately, timeshift can't be used with the latest versions of the VLC plugin either.
I see that for version 1.1 you implement the vlc.video.deinterlaceEnable JS method; I hope this version will be released soon.

AndreJ
New Cone
Posts: 7
Joined: 11 Aug 2009 08:47

Re: v0.9.9: Safety or inapplicability?

Postby AndreJ » 11 Aug 2009 09:22

I'm using the latest v1.0.1 PLUGIN and I still have the problem that I can't set deinterlace_mode=bob.

I really need this feature in my project. Can anybody please help me with any suggestion?
