[Previous] [Next] [Index]
[Thread]
Re: Applet security (was Re: ActiveX security hole reported).
At 11:01 AM 8/28/96 EDT, David M. Chess wrote:
>> not). What I really want is authorization based on who signed the applet
>> or by anything signed by a particular CA. Any unsigned applet should be
>> relegated to working within the limited sandbox given to it by the browser.
>want (or claim that we want). But is it what the typical corporate
>CIO wants, or should want? Should individual users be making that
>sort of fine-grained decisions? Should, for that matter, even
>sysadmins be making that sort of fine-grained decision? If we're
>talking bet-the-company here, it would seem plausible to me that
>a typical corporate installation would want to keep untrusted apps
>from doing anything at all, and (for reasons of convenience) would
>want to allow trusted apps to do many/most things. At least, that's
>what the scenario is based on.
I can't disagree with your points there. Limiting distribution of browsers
to pre-configured ones with preset levels of trust (company's CA, certain
well-known CAs and vendors...) may make sense in those cases.
I have no project related interest in what I was asking for (as I don't work
on web products anyway), it's just what I wanted personally, so I could decide
which applets I would allow to run...