walkjivefly / LOC-Extension

LibreOffice Cryptocurrency extension
GNU Lesser General Public License v3.0

Serious vulnerability issue #15

Open lbayle opened 1 year ago

lbayle commented 1 year ago

Hi, the 0.3.0 branch comes with a RUNCOMMAND() function which allows executing any external command. This, IMHO, is a major security issue.

It would be extremely simple to introduce a keylogger, spyware, rootkit or download any type of malware from a spreadsheet (starting with Examples.ods).

So I strongly recommend deactivating this function in the code and recompiling before you install the plugin.

As we all know, the cryptocurrency world is full of hackers & thieves, so be warned

Best regards
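As an added illustration (not code from this thread or from the LOC extension), the following Python checker opens an .ods as the zip archive it is, parses content.xml and lists every cell whose formula calls RUNCOMMAND(), so a sheet like Examples.ods can be inspected before it is opened in LibreOffice. It assumes the add-in is stored in the formula under its display name RUNCOMMAND and builds its own constructed sample sheet rather than reading a real one.

```python
import html, io, re, zipfile
import xml.etree.ElementTree as ET

TABLE = "urn:oasis:names:tc:opendocument:xmlns:table:1.0"
OFFICE = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
TEXT = "urn:oasis:names:tc:opendocument:xmlns:text:1.0"
# Assumption: the add-in is serialised under its display name RUNCOMMAND;
# widen the pattern if your build stores a programmatic name instead.
SUSPECT = re.compile(r"\bRUNCOMMAND\s*\(", re.IGNORECASE)


def find_runcommand_cells(ods_bytes):
    """Return (sheet name, formula) for every cell formula calling RUNCOMMAND.

    Only table:formula attributes are inspected: a text cell that merely
    mentions RUNCOMMAND is not executable and is not reported."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(ods_bytes)) as zf:
        root = ET.fromstring(zf.read("content.xml"))
    for sheet in root.iter(f"{{{TABLE}}}table"):
        name = sheet.get(f"{{{TABLE}}}name", "?")
        for cell in sheet.iter(f"{{{TABLE}}}table-cell"):
            formula = cell.get(f"{{{TABLE}}}formula")
            if formula and SUSPECT.search(formula):
                hits.append((name, formula))
    return hits


def build_sample_ods(cells):
    """Constructed fixture (not a real LOC sheet): one sheet, one row of (text, formula) cells."""
    parts = []
    for text, formula in cells:
        attr = f' table:formula="of:={html.escape(formula)}"' if formula else ""
        parts.append(f"<table:table-cell{attr}><text:p>{html.escape(text)}</text:p></table:table-cell>")
    content = (
        f'<office:document-content xmlns:office="{OFFICE}" xmlns:table="{TABLE}" xmlns:text="{TEXT}">'
        '<office:body><office:spreadsheet><table:table table:name="Sheet1"><table:table-row>'
        f'{"".join(parts)}</table:table-row></table:table></office:spreadsheet></office:body>'
        "</office:document-content>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.spreadsheet")
        zf.writestr("content.xml", content)
    return buf.getvalue()


SAMPLE = build_sample_ods([
    ("42", "SUM([.A1:.A2])"),            # ordinary formula, not reported
    ("RUNCOMMAND is dangerous", None),   # plain text, not reported
    ("", 'RunCommand("echo hello")'),    # calls the add-in; case is irrelevant
])
print(find_runcommand_cells(SAMPLE))  # [('Sheet1', 'of:=RunCommand("echo hello")')]
```

Point `find_runcommand_cells` at the bytes of any downloaded .ods to get the list of offending cells; an empty list means no formula references the function under the assumed name.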

walkjivefly commented 1 year ago

Fair point.

I see it as a useful tool for sheets I created. If running someone else's sheet then it's a more risky proposition.

Anyone building the v0.3 branch for themselves should bear your concern in mind and deactivate the function if they don't have a compelling usecase for it.

lbayle commented 1 year ago

Here is a v0.3.2 version without the RUNCOMMAND and including my fix for LibreOffice 7.4.

https://github.com/lbayle/LOC-Extension/blob/master/LOC.oxt