[Qgis-developer] new plugin: test on windows and security policy

Denis Rouzaud denis.rouzaud at gmail.com
Wed Apr 11 08:02:50 EDT 2012


Hi all,

I just uploaded a plugin, "Custom Launcher". It can be used to c 
ustomize your own actions to launch your preferred apps or commands 
within QGIS.
http://plugins.qgis.org/plugins/customlauncher/
(video demo is here http://www.youtube.com/v/B6811zAuXhw&hd=1 
<http://www.youtube.com/v/B6811zAuXhw&hd=1> )

Can someone test this on windows (mac?) with a shell command, to see if 
everything is ok?


Also, when using shell commands, subprocess.Popen is called using 
shell=True and This is not recommended in python doc.
However, I consider it is safe in my plugin since the action is saved in 
the application settings and NOT in the project settings.
Indeed, there might be safety issues, as you could open someone else's 
project with a "rm -rf /" command hidden in an action. But this is not 
the case.
And if someone takes time to modify something in QGIS, he could do any 
other hack.
Do you agree on this?


Greetings

Denis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/qgis-developer/attachments/20120411/4d60bee7/attachment.html


More information about the Qgis-developer mailing list