- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Sun, 9 Jan 2011 13:34:26 -0500
On Sun, Jan 9, 2011 at 7:21 AM, Bjartur Thorlacius <svartman95 at gmail.com> wrote:
> So, OS permissions are too complex, so you figure it's best to build
> another permission system on top of the existing ones? Why?

1) OS permissions are not adequately standardized. Every OS has its own permissions model. This makes portability hard, and increases the risk of security bugs caused by the same policy being enforced differently by different OSes.

2) Conventional OS permissions are based on the idea of protecting different users from each other, not protecting users from their own programs. It's assumed that users do not run any program unless they trust it fully. This is not useful in the case of web apps, where the app is a web page that we assume is totally untrusted. OS permissions are coming around to the idea of untrusted apps, but only slowly and (see point 1) inconsistently.

Regardless, this point was settled well over a decade ago. Web pages have their own security model, on top of system permissions. This was true as soon as anyone implemented scripting for web pages, since web page scripts have always been sandboxed at a lower permission level than any full program. There's no point in talking about it.
Received on Sunday, 9 January 2011 10:34:26 UTC