Open Bug 274803 Opened 15 years ago Updated 11 years ago
Chatzilla needs support for remotes
Sounds to me like something better handled by extending the plugin/scripting API for Chatzilla rather than writing this functionality into the application itself: http://www.hacksrus.com/~ginda/chatzilla/faq/#scripts
(In reply to comment #1) > Sounds to me like something better handled by extending the plugin/scripting API > for Chatzilla rather than writing this functionality into the application itself: > http://www.hacksrus.com/~ginda/chatzilla/faq/#scripts I'm well aware of ChatZilla's scripting capabilities :-). The 'point' of the bug is that I think it would be an improvement if there was an easy way to have commands accessible remotely. This is basically the same as aliases: you can do everything an alias can do using a script, but it would be a lot more complicated to do, and more time-consuming. It seemed to me (and still does) that it would not be hard to make remotes work the same way aliases do, so a remote would basically become an alias itself, but of course it would need much better security handling. Which is the main problem, as I see it: how would you regulate access to your remotes? First of all they may be channel / user / server-specific. Then you may only want them accessible to people who have a certain rank in the channel (op, hop, voice, founder). And after that you may only want them accessible to special people who use a password first or have a specific hostmask + nickname combination. Last but certainly not least, you'd want to hardcode something that prevents certain commands from being executed remotely, always. Examples would be quit, disconnect, pref, eval, any commands to change the user's access to the remotes, and maybe leave/part as well.
Alright. Over the course of quite a few months I've been involved with more and more ChatZilla development, and I think it might be a fair idea to WONTFIX this bug, primarily per comment #1, the amount of work involved, the security-problem-prone results we'd probably still have (due to the fact that the app is written in js and as soon as a remote can execute a js command, it can do just about anything, should it really want to), and the lack of usefulness (meaning, this is only useful to very few people anyway). James, Robert, Samuel, I'd like some opinions on this. :-)
Opinions on IRC seemed to have been that we do want some kind of basic support for this. So I'm going out on a limb and confirming my own bug. Please WONTFIX anyway if my recollections of us discussing this are wrong in your eyes :-).
Status: UNCONFIRMED → NEW
Ever confirmed: true
You need to log in before you can comment on or make changes to this bug.