[browsershots-factories] Re: Testing shotfactory under windows

[Johann C. Rocholl]

On 8/24/06, Marcin Król <hawk at limanowa.net> wrote:
> > I don't want to put the full path name into the database because then
> > a hacked server could run any command on your machine, and has the
> > smell of a serious security problem to me.
>
> Thats true, but if someone will hack shotserver then he will be able to
> run any command anyway. He will simply put his command in database :)
>
> > Maybe the factory could add the c:\bin\ prefix?
>
> Thats the way I'm currently using. How about "windows only" command line
> option to set path? Every factory owner will be able to easily use any
> path he wants.

You're right, my safe_command check is only helpful against things
like "format c:" (because that contains white space). So let's add a
path that the user can change from the command line. Then only files
in that folder can be run.

A default value would be nice, but "c:\bin\" is not exactly a typical
windows directory, more like "/usr/bin" on Unix. Is there a way to use
the current directory as a default? Does ".\" work on windows?

> > This is a very good idea. This way it's very easy to add new browsers
> > later. I'll add it to the database and send the window name to the
> > shotfactory with a new key in the config dict.
>
> Let me know when you'll finish this. I'll be able to finish my code
> changes and run auriga factory.

It's done. I added a new key in the dict: config['scroll'] now
contains the browser window name. For other platforms, it could
specify the location of the scroll bar buttons, or which button to
press how often, etc.

J.