[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Julien Couvreur julien.couvreur at gmail.com
Mon Jul 18 13:30:10 EDT 2005


No need to have principals and ACL stuff for this kind of security.
Simply having a correct design and enforced encapsulation (private
variables stay private and you cannot guess references to objects, you
need to be given them by someone else) works.

Cheers,
Julien

http://erights.org (lots of info on capability-based security, in
contrast with principal-based security)

On 7/18/05, Nikolas Coukouma <lists at atrus.org> wrote:
> Godmar Back wrote:
> 
> >The "CS textbook" way of solving this problem is by associating a code
> >principal with a GM script, and by making sure that the GM runtime
> >only uses the privileges associated with that principal. If GM code is
> >invoked by the web site trying to exploit GM, the privileges are not
> >granted; if the GM script itself calls into GM, the privileges are
> >granted.
> >
> >The mechanism for doing this in Java ("stack inspection") was invented
> >at Netscape by Wallach and others in the 90s - this became later in
> >somewhat modified form the Java2 security model. It was always my
> >understanding that Netscape had something similar for its JavaScript.
> >
> >A cursory look at Mozilla's page reveals that Mozilla might provide a
> >similar mechanism with script signing, and associating signed scripts
> >with code principals to ensure that the privileges are only granted
> >according to what the signer is entitled to, and only if invoked from
> >signed code.
> >
> >Would Mozilla's Javascript security model be applicable to
> >greasemonkey in this manner?
> >
> > - Godmar
> >
> Hrm, this might be more usable than I first thought. The obvious thing
> to do is have script authors sign their own scripts. That's a bit icky
> because we want to make user scripts easy to write. However, if GM
> generated a key and signed each injected script itself, we wouldn't
> bother the script author.
> 
> A quick search returned this link
> http://www.mozilla.org/projects/security/components/signed-scripts.html
> 
> -Nikolas Coukouma
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
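
The encapsulation approach described in the reply above, sketched in plain JavaScript. This is an added example, not code from the thread or from Greasemonkey. `privilegedRequest`, `makeLookupScript`, and the `dict.example` origin are hypothetical names; the privileged API is a constructed fake.

```javascript
// Object-capability style: authority is a reference you were handed, and
// private state lives in a closure that outside code cannot name or guess.
function makeLookupScript(privilegedRequest, allowedOrigin) {
  'use strict';
  let revoked = false;          // private: reachable only through this closure
  const log = [];               // private audit trail

  // Attenuated facet: the caller chooses a word, never the URL.
  function lookup(word) {
    if (revoked) throw new Error('capability revoked');
    if (typeof word !== 'string' || !/^[a-z]{1,32}$/.test(word)) {
      throw new TypeError('word must be 1-32 lowercase letters');
    }
    const url = allowedOrigin + '/define?w=' + word;
    log.push(url);
    return privilegedRequest(url);
  }

  return {
    // Handed to untrusted page code. Frozen so it cannot be re-wired.
    pageFacet: Object.freeze({ lookup }),
    // Kept by the script: revocation and audit are separate capabilities.
    revoke() { revoked = true; },
    audit() { return log.slice(); },
  };
}

// Constructed demo: a fake privileged API that records what it was asked for.
function demo() {
  'use strict';
  const requested = [];
  const fakePrivilegedRequest = (url) => { requested.push(url); return 'ok:' + url; };
  const script = makeLookupScript(fakePrivilegedRequest, 'https://dict.example');
  const page = script.pageFacet;          // all the page ever receives

  const result = page.lookup('monkey');
  let rejected = false;                   // input outside the allowed shape
  try { page.lookup('../other'); } catch (e) { rejected = true; }
  let tamperBlocked = false;              // frozen facet refuses reassignment
  try { page.lookup = fakePrivilegedRequest; } catch (e) { tamperBlocked = true; }
  script.revoke();
  let revokedOk = false;                  // facet is dead after revocation
  try { page.lookup('monkey'); } catch (e) { revokedOk = true; }

  return { result, rejected, tamperBlocked, revokedOk, requested,
           exposed: Object.keys(page) };
}
```

The page-side object carries only `lookup`; the raw request function, the revoke switch, and the audit log are never reachable from it, so no principal check is needed at call time.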

