- From: Michaela Merz <michaela.merz@hermetos.com>
- Date: Wed, 19 Nov 2014 05:00:24 +0100
- To: public-webapps@w3.org
Yes Boris - I know. As long as it doesn't have advantages for the user or the developer - why bother with it? If signed code would allow special features - like true fullscreen or direct file access - it would make sense. Signed code would make script much more resistant to manipulation and therefore would help in environments where trust and/or security is important. We use script for much, much more than we did just a year or so ago. Michaela On 11/19/2014 04:40 AM, Boris Zbarsky wrote: > On 11/18/14, 10:26 PM, Michaela Merz wrote: >> First: We need signed script code. > > For what it's worth, Gecko supported this for a while. See > <http://www-archive.mozilla.org/projects/security/components/signed-scripts.html>. > In practice, people didn't really use it, and it made the security > model a _lot_ more complicated and hard to reason about, so the > feature was dropped. > > It would be good to understand how proposals along these lines differ > from what's already been tried and failed. > > -Boris >
Received on Wednesday, 19 November 2014 04:00:52 UTC