[Greasemonkey] greasemonkey for secure data over insecure networks / sites
julien.couvreur at gmail.com
Mon Jul 18 13:30:10 EDT 2005
No need to have principals and ACL stuff for this kind of security.
Simply having a correct design and enforced encapsulation (private
variables stay private and you cannot guess references to objects, you
need to be given them by someone else) works.
http://erights.org (lots of info on capability-based security, in
contrast with principal-based security)
On 7/18/05, Nikolas Coukouma <lists at atrus.org> wrote:
> Godmar Back wrote:
> >The "CS textbook" way of solving this problem is by associating a code
> >principal with a GM script, and by making sure that the GM runtime
> >only uses the privileges associated with that principal. If GM code is
> >invoked by the web site trying to exploit GM, the privileges are not
> >granted; if the GM script itself calls into GM, the privileges are
> >The mechanism for doing this in Java ("stack inspection") was invented
> >at Netscape by Wallach and others in the 90s - this became later in
> >somewhat modified form the Java2 security model. It was always my
> >A cursory look at Mozilla's page reveals that Mozilla might provide a
> >similar mechanism with script signing, and associating signed scripts
> >with code principals to ensure that the privileges are only granted
> >according to what the signer is entitled to, and only if invoked from
> >signed code.
> >greasemonkey in this manner?
> > - Godmar
> Hrm, this might be more usable than I first thought. The obvious thing
> to do is have script authors sign their own scripts. That's a bit icky
> because we want to make user scripts easy to write. However, if GM
> generated a key and signed each injected script itself, we wouldn't
> bother the script author.
> A quick search returned this link
> -Nikolas Coukouma
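The encapsulation approach described in the top reply, as an added example that is not part of the original message and not Greasemonkey's code: a privileged function lives only in a closure and is handed to the user script as an argument, so page code that can enumerate the shared object finds nothing to call. All function names, the pageGlobal object and the api.example host are hypothetical.

```javascript
// Added example: every name here is hypothetical, not Greasemonkey's API.

// Privileged operation, standing in for something like a cross-site request.
// The log records each use so callers can see who actually reached it.
function makePrivilegedFetch(log) {
  return function privilegedFetch(url) {
    log.push(url);
    return 'response from ' + url;
  };
}

// Attenuation: a narrower capability limited to one host, plus a revoke
// switch that only the granter holds.
function attenuate(fetchCap, allowedHost) {
  let live = true;
  const cap = Object.freeze((url) => {
    if (!live) throw new Error('capability revoked');
    if (new URL(url).host !== allowedHost) throw new Error('host not allowed');
    return fetchCap(url);
  });
  return { cap, revoke: () => { live = false; } };
}

// The runtime passes the capability to the user script as an argument.
// Nothing callable is stored on the object the page can see.
function runUserScript(userScript, pageGlobal, allowedHost, log) {
  const { cap, revoke } = attenuate(makePrivilegedFetch(log), allowedHost);
  try { return userScript(cap, pageGlobal); } finally { revoke(); }
}

// Constructed scenario: page code can enumerate pageGlobal but finds no
// function there, and a reference kept past the run is already dead.
function demo() {
  const log = [];
  const pageGlobal = { title: 'constructed page' };
  let kept = null;
  const userScript = (fetchCap, page) => {
    kept = fetchCap; // a careless script holding on to the reference
    page.banner = fetchCap('https://api.example/data'); // only data is shared
    return page.banner;
  };
  const result = runUserScript(userScript, pageGlobal, 'api.example', log);
  const reachableFns = Object.values(pageGlobal).filter((v) => typeof v === 'function').length;
  let afterRevoke = null;
  try { kept('https://api.example/data'); } catch (e) { afterRevoke = e.message; }
  return { result, reachableFns, afterRevoke, uses: log.length };
}
```

Revocation bounds the damage when a script keeps or passes on the reference after its run; it does not help if the script stores the live function on a page-visible object while it is still running.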