Open Bug 274803 Opened 15 years ago Updated 11 years ago

Chatzilla needs support for remotes

Categories

(Other Applications :: ChatZilla, enhancement)

enhancement
Not set

Tracking

(Not tracked)

People

(Reporter: Gijs, Assigned: rginda)

Details

Chatzilla needs support for Remote Commands.
Examples:

!date - says the current date & time in your current channel
!op - ops the person saying this

Obviously, there are a few catches:
- we'd need a way to verify people are allowed to use the remote
- we'd need a way for the commands to get information about who used the remote
- we'd need a way to prevent *any* security deficits, unless we want people
abusing javascript remotes, or even !quit or something like that.
Sounds to me like something better handled by extending the plugin/scripting API
for Chatzilla rather than writing this functionality into the application itself:
http://www.hacksrus.com/~ginda/chatzilla/faq/#scripts
(In reply to comment #1)
> Sounds to me like something better handled by extending the plugin/scripting API
> for Chatzilla rather than writing this functionality into the application itself:
> http://www.hacksrus.com/~ginda/chatzilla/faq/#scripts

I'm well aware of ChatZilla's scripting capabilities :-). The 'point' of the bug
is that I think it would be an improvement if there was an easy way to have
commands accessible remotely. This is basically the same as aliases: you can do
everything an alias can do using a script, but it would be a lot more
complicated to do, and more time-consuming. 

It seemed to me (and still does) that it would not be hard to make remotes work
the same way aliases do, so a remote would basically become an alias itself, but
of course it would need much better security handling. 

Which is the main problem, as I see it: how would you regulate access to your
remotes? First of all they may be channel / user / server-specific. Then you may
only want them accessible to people who have a certain rank in the channel (op,
hop, voice, founder). And after that you may only want them accessible to
special people who use a password first or have a specific hostmask + nickname
combination.
Last but certainly not least, you'd want to hardcode something that prevents
certain commands from being executed remotely, always. Examples would be quit,
disconnect, pref, eval, any commands to change the user's access to the remotes,
and maybe leave/part as well.
Alright. Over the course of quite a few months I've been involved with more and more ChatZilla development, and I think it might be a fair idea to WONTFIX this bug, primarily per comment #1, the amount of work involved, the security-problem-prone results we'd probably still have (due to the fact that the app is written in js and as soon as a remote can execute a js command, it can do just about anything, should it really want to), and the lack of usefulness (meaning, this is only useful to very few people anyway).

James, Robert, Samuel, I'd like some opinions on this. :-)
Opinions on IRC seemed to have been that we do want some kind of basic support for this. So I'm going out on a limb and confirming my own bug. Please WONTFIX anyway if my recollections of us discussing this are wrong in your eyes :-).
Status: UNCONFIRMED → NEW
Ever confirmed: true
QA Contact: samuel → chatzilla
You need to log in before you can comment on or make changes to this bug.