v0.9.9: Safety or inapplicability?

All you've ever wanted to know about the ActiveX, Mozilla plugins, the web interface and various PHP extensions
Anatoly_B
Blank Cone
Blank Cone
Posts: 14
Joined: 20 Aug 2008 03:30

v0.9.9: Safety or inapplicability?

Postby Anatoly_B » 21 Apr 2009 22:58

Code: Select all

main input: unsafe option "ffmpeg-pp-q" has been ignored for security reasons main input: unsafe option "ffmpeg-skiploopfilter" has been ignored for security reasons main input: unsafe option "verbose" has been ignored for security reasons main input: unsafe option "udp-caching" has been ignored for security reasons main input: unsafe option "http-caching" has been ignored for security reasons main input: unsafe option "vout-filter" has been ignored for security reasons main input: unsafe option "deinterlace-mode" has been ignored for security reasons
:shock: :cry: :evil: :evil: :evil:
Now I have to recommend older version 0.9.8 to users.
If this "innovation" will continue in future versions, I will be constrained to renounce use of the VLC Plugin ...
- VLC Plugin 0.9.9 can not properly play TV-streams, as they are deinterlaced...
If someone want to solve security problems - this can be done without destroying much of the functionality.

p.s. All last versions in NIGHTLIES (0.9.10, 1.0.0) have this problem... :x :cry:

thannoy
Big Cone-huna
Big Cone-huna
Posts: 601
Joined: 20 Mar 2008 09:44
VLC version: 0.9.8a & 1.0-git
Operating System: GNU/Linux Fedora10
Location: France
Contact:

Re: v0.9.9: Safety or inapplicability?

Postby thannoy » 27 Apr 2009 14:26

Unfortunately, vout-filter is prone to security vulnerabilities and is required for now (I think) if you want to deinterlace. Other options seems safe enough to be allowed, there is pending fresh patches for them on the devel mailing list.

I and mostly a workmate of mine (Cyril Mathé aka cmathe) will probably have a look at this issue in the following weeks to propose a JS call to allow safe vout filter addition such as deinterlace. It will not be ok for upcoming 1.0 release (soon), so for 1.1 maybe (this summer) or before if you want to try nightly builds.

regards.

Anatoly_B
Blank Cone
Blank Cone
Posts: 14
Joined: 20 Aug 2008 03:30

Re: v0.9.9: Safety or inapplicability?

Postby Anatoly_B » 01 May 2009 02:32

:) Thank you! I hope that a resolution of this problem (perhaps - partial, temporary) would be not too distant time.

In my opinion, such a decision would be quite admissible:
- In the future, would like to see the security settings for the plugins in certain configuration file.
- There is a need to restrict access to video files on local computer (for reading and for writing) only in the folder, specified in this configuration file (by default, this folder should not be appointed and access to local files should be blocked).
- If there are doubts about the safety vout-filter, could block unsafe values.
- And also, it is necessary to block the streaming-out on the web page (by the default) - not only for confidentiality reasons, but to prevent the use of plugin for DDoS...
This was, would be sufficient to ensure the confidentiality /security.

Yaffle
New Cone
New Cone
Posts: 8
Joined: 03 Apr 2009 22:55

Re: v0.9.9: Safety or inapplicability?

Postby Yaffle » 04 Jul 2009 15:06

Code: Select all

main input unsafe option "access-filter" has been ignored for security reasons main input unsafe option "timeshift-granularity" has been ignored for security reasons main input unsafe option "timeshift-force" has been ignored for security reasons
Unfortunately, timeshift cann't be used with last versions of VLC plugin too.
I see, for 1.1 version you implement vlc.video.deinterlaceEnable JS method, I hope this version will be released soon.

AndreJ
New Cone
New Cone
Posts: 7
Joined: 11 Aug 2009 08:47

Re: v0.9.9: Safety or inapplicability?

Postby AndreJ » 11 Aug 2009 09:22

I'm using the latest v1.0.1 PLUGIN and I still have the problem that I can't set the deinterlace_mode=bob on.

I really need this feature in my project. Can anybody please help me with any suggestion?


Return to “Web and scripting”

Who is online

Users browsing this forum: No registered users and 6 guests