Am 19.03.2014 08:21, schrieb GZ Nianguan E.T.:
As for client side requiring support for the media format... The alternative is turn everything into a "known" format on the server side...(transcoding?) which is just takes too much server resources... and introduces a bunch of other issues... In a linux thin client environment distributing new codecs or update to existing codecs is not a big deal.. As for clients running as an application on traditional desktops, we may integrate some form of codec distribution system.
There is a security tradeoff here, though: For the average Joe, who just wants to play videos and doesn't care about security, your solution will work just fine, but if you're using X2Go as a "graphic firewall", where only images and sounds are passed to the client, you cannot use Telekinesis, since you're running an unchanged audio/video stream - and there have been exploits that work by passing a specially crafted image file/audio/video stream. So all of a sudden you're executing malicious code on your client. Transcoding into a known format would lower the chance of that happening (because the attacker would have to craft his file/stream in a way that it does its nasty deed *after* being transcoded), but it would not eliminate it entirely.
-Stefan