Michael Rueger wrote:
> Brad Fuller wrote:
>
>> <PARAM name="imageName" value="/home/bfuller/Squeak3.8-6665.image">
>
> IIRC the image has to be in the same directory as the
> SqueakPlugin.image, not absolute filenames, otherwise that would be a
> huge security whole.
Thanks that worked -- however it's complaining that it can't find the
changes file, but it's in the same directory, and with the same permissions.
?

On your other note: Can you explain why this is a big security risk? I
guess it's at least the known location of where npsqueak was installed
by root when the user/root downloaded the package.  But, if you're on a
system like Windows, couldn't SqueakPlugin.image be easily overwritten
by anyone?

What other issues are there with running the squeak plugin with one's
own image?  For instance, can I just change the plugin source to
download the plugin and image into a user accessible directory to allow
the user the ability to change/add/save the image?

Or maybe the initial intent of the squeak plugin was temporary -- e.g.
dnl "projects" to use per session and not save image state? A browser
doesn't really have computing accessibility - so, use the computing
power of squeak in a browser window - something you can't get with
javascript.


brad