Re: Applet security (was Re: ActiveX security hole reported).
On Aug 27, 15:50, Michael Burati wrote:
> Subject: Applet security (was Re: ActiveX security hole reported).
[ snip ]
>The above is too binary for me (either I trust everything that's signed or
>not). What I really want is authorization based on who signed the applet
>or by anything signed by a particular CA.
Authorization - ACLs are no small problem. This will require tight coupling of
the authorization framework with the execution engine. Hhhhmmm....
> Any unsigned applet should be
>relegated to working within the limited sandbox given to it by the browser.
What's the difference between the browser and something else?
>I would then allow local filesystem access to applets signed by FOO, or by
>users-with-certs-from-CAxxx, and/or allow remote network connections by
>applets signed by FU and/or by users-with-certs-fromCAyyy&zzz...
I would be very reluctant to authorize actions based on specific certs. I either
trust 'em or I don't. Authorizations should be based on the authenticated object.
>Until then, how can I possibly trust automatically-loaded/run downloadable
>code?
>I may trust one person signed by a particular CA to write applets that I'll
>run outside of a sandbox, but not everyone that this particular CA trusts...
:-)
--
Regards...,
[ psr ]
x2160