W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2014

Re: What I am missing

From: Michaela Merz <michaela.merz@hermetos.com>
Date: Wed, 19 Nov 2014 09:03:48 -0600
Message-ID: <546CB154.2080702@hermetos.com>
To: noloader@gmail.com
CC: public-webapps WG <public-webapps@w3.org>

That is relevant and also not so. Because Java applets silently grant 
access to a out of sandbox functionality if signed. This is not what I 
am proposing. I am suggesting a model in which the sandbox model remains 
intact and users need to explicitly agree to access that would otherwise 
be prohibited.

Michaela





On 11/19/2014 12:01 AM, Jeffrey Walton wrote:
> On Wed, Nov 19, 2014 at 12:35 AM, Michaela Merz
> <michaela.merz@hermetos.com> wrote:
>> Well .. it would be a "all scripts signed" or "no script signed" kind of a
>> deal. You can download malicious code everywhere - not only as scripts.
>> Signed code doesn't protect against malicious or bad code. It only
>> guarantees that the code is actually from the the certificate owner .. and
>> has not been altered without the signers consent.
> Seems relevant: "Java’s Losing Security Legacy",
> http://threatpost.com/javas-losing-security-legacy and "Don't Sign
> that Applet!", https://www.cert.org/blogs/certcc/post.cfm?EntryID=158.
>
> Dormann advises "don't sign" so that the code can't escape its sandbox
> and it stays restricted (malware regularly signs to do so).
Received on Wednesday, 19 November 2014 15:03:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:32 UTC