webpositive security issue non prompted file downloads

[stargatefan]

webpositive will automatically download files without asking for user consent. This is a big security issue that needs fixing before beta/hrev1.

fortunately is was only a windows self executable so no harm was inccured by someday someone may right a virus for haiku.

[axeld]

Unless attributes are resurrected (which isn't possible), downloading a file can never be a security issue. Only what you do with such a file can become one.

I haven't tested it, but in most cases, WebPositive should always just download files without asking again (after you clicked on that link).

[stargatefan]

Replying to axeld:

Unless attributes are resurrected (which isn't possible), downloading a file can never be a security issue. Only what you do with such a file can become one.

I haven't tested it, but in most cases, WebPositive should always just download files without asking again (after you clicked on that link).

actually I have seen a bunch of non user intiated file downloads, things like pop.swf and other stuff. In fact yesterday I watched the webpositive allow for a unprompted download of a known windows scareware program.

I don't worry to much becuase there isn't much out there that could infect haiku or beos thanx to the small user base, but someday it could be a problem.

[stargatefan]

​http://dev.haiku-os.org/ticket/7319

my ticket is a much more poorly defined version of the behavior of the ticket above. I suggest closing this one as it is a duplicate and the ticket above better describes the behavior I am seeing.

[korli]

Closing as a duplicate of #7319. Thanks stargatefan