[Pythonmac-SIG] appscript terminology caching #2
has
hengist.podd at virgin.net
Fri Oct 22 01:26:52 CEST 2004
Jack Jansen wrote:
> > Disadvantages:
> > - ATS must be running on every machine whose applications are being
> > scripted (installation issues? permissions issues? add to startup
> > items?)
>
>This I would consider a showstopper, specifically the "must" bit.
I don't think it's going to be that bad myself, but that's what we're
here to find out, so onwards... :)
>There's all sorts of issues with starting daemons (like: will the
>daemon be system-wide or per-user?
It's a user-level process, so I guess that makes it per-user. Out of
interest, does [Mac]Python run anything at any other level?
Question: what are the rules for Python.app? ATS occupies a position
equivalent to that of Python.app, so presumably we can apply any
rules for the latter to the former.
>What are the security-implications?
An important issue, and one I'm hoping other folks can tell me. :)
Thoughts: While I'm no security expert, I can't see ATS introducing
any holes myself simply because it's so limited in what it can do.
ATS's philosophy is effectively "Don't do anything your parents
wouldn't do." Mostly it just performs tasks that are already
doable/being done, though more efficiently. The only new behaviour it
introduces to a system is the ability to request the terminology of a
remotely running application, which it does via a standard channel -
Remote Apple Events.
Now, RAE security is a system-level, not application-level, issue, so
I can't see how ATS can do any damage there. Anyone who's breached
your system security is going straight to Finder or Terminal to
delete your hard disk, not ATS which has no facility for writing to
disk or launching processes.
Therefore I'm feeling as confident as I can be not being a security
whizz, but obviously would like some comment from those who are. I'll
also sling this topic over to the AppleScript-Implementors list at
some point; sound out folks there. (Particularly the Apple engineers
who are presumably responsible for RAE and its attendant security
issues.) I'll let you all know what comes of that.
>And what if different users have different versions of a program
>installed?
Don't understand this one; can you clarify?
(Note that the purpose of ATS is to return the terminology for a
specified application. With local applications, the application is
specified by path; with remote applications, by machine IP and
process name. In either case, it's the user's responsibility to
specify the right app; additionally, in the latter case it's the
remote machine's job also to have the right app running. Neither is
[fortunately] ATS/appscript's problem; they just take what they're
given.:)
>Different appscript versions?
Pretty much a non-issue. ATS's Apple event interface is the only
point of contact, and both it and the data formats it returns should
be stable across versions.
The only thing that's likely to change is if/when Apple introduce an
OSAGetAppSDEF call, which would affect ATS's planned 'get terminology
[in raw form]' option. When that happens, we'll need a further option
'get terminology [in raw form [using best available format]]' which
would return a raw SDEF if the newer call is available and all
parties how to use an SDEF, otherwise it'll call good old
OSAGetAppTerminology to get and return a raw AETE (which is also the
default when the 'best available format' option isn't included).
>So I would propose to make the daemon optional, and continue
>without caching if it isn't there.
>
>Hmm, maybe the search order for terminology should be the following:
>1. Check whether the developer has included precompiled terminology
>(which could be an option to py2app)
I think we should provide an optional 'terms' keyword argument to the
app() constructor, allowing users to pass in an object containing the
name-code translation dicts themselves (this seems the easiest point
to add an 'in').
This would provide a penultimate fallback for users working with
applications whose aetes are just too bolloxed up to work without
manual patching, in which case the desperate user can dump() what's
usable to file and replace the corrupted/missing bits by hand. For
example, Smile's dictionary is a good example of this, lacking
definitions for some basic commands and classes (AppleScript can use
the default definitions from its aeut resource, but we're not
AppleScript and want nothing to do with such kludgery), and
forgetting to supply a keyword for at least one raw code. It would
also bail out users who wish to use appscript to control a remote
application on, say, an OS9 machine.
(BTW, since this wouldn't involve a custom file/module management
mechanism as was being considered for the appscript-based caching
system, it can use the standard Python module system so won't require
special knowledge to use or tools like py2app to provide additional
support.)
One other thing to note: let's not forget that users can always
resort to using aem instead of appscript. I don't think it's
appscript's job to bend over backwards to accommodate the few
completely psychotic applications that spoil the air for everyone
else. Appscript makes simple things simple; aem ensures that hard
things are possible. AEM's API is deliberately unsophisticated but
still designed to allow human use, and once you throw in some tools
to auto-generate constants modules from aetes it should be a
perfectly reasonable, if workman-like, option. Each tool to its own
use.
Thoughts?
>2. Otherwise, check whether the ATS is running and obtain terminology
>from there
Easy enough for appscript.terminology to trap the MacOS.Error -600
that occurs if ATS isn't running when it tries to call it.
>3. Otherwise do the whole generation yourself.
Trapping the above error and importing and calling the ATS
terminologyparser module would add 4 lines to appscript.terminology,
so wouldn't be hard to implement. This would only be good for local
applications, however, and frankly, if you're allowed to run
Python.app but not ATS then there's something a bit funny about your
setup IMO. Being seriously anti-gratuitous feature creep, I'd still
want some sort of justification for adding the extra rule. We have to
balance the added complexity the extra search options introduces for
the user: with an ATS-only solution they only have one rule to
follow; more options means more rules to remember. (i.e. Don't forget
the Python philosophy of "There should be one, and preferably only
one, way to do it" - too many options can be worse than not enough.)
Many thanks,
has
--
http://freespace.virgin.net/hamish.sanderson/
More information about the Pythonmac-SIG
mailing list