[2882] in WWW Security List Archive
Re: Applet security (was Re: ActiveX security hole reported).
daemon@ATHENA.MIT.EDU (Michael Burati)
Tue Sep 3 17:13:55 1996
Date: Tue, 03 Sep 1996 13:03:27 -0400
To: Paul Rarey <Paul.Rarey@Clorox.com>, www-security@ns2.rutgers.edu
From: Michael Burati <burati@apollo.hp.com>
Errors-To: owner-www-security@ns2.rutgers.edu
At 05:14 PM 8/28/96 -0700, Paul Rarey wrote:
>>The above is too binary for me (either I trust everything that's signed or
>>not). What I really want is authorization based on who signed the applet
>>or by anything signed by a particular CA.
>
>Authorization - ACL's are no small problem. This will require tight
>coupling of the authorization framework with the execution engine. Hhhhmmm....
Yes, that's what I was thinking too...
>> Any unsigned applet should be
>>relegated to working within the limited sandbox given to it by the browser.
>
>What's the difference between the browser and something else?
Nothing, it was just an example...
>>I would then allow local filesystem access to applets signed by FOO, or by
>>users-with-certs-from-CAxxx, and/or allow remote network connections by
>>applets signed by FU and/or by users-with-certs-from-CAyyy&zzz...
>
>I would be very reluctant to authorize actions based on specific certs. I
>either trust them or I don't. Authorizations should be based on the
>authenticated object.
It seems like that would cause even more of a scalability problem (authz per
object, where the objects could be each of XYZ Corp's hundred products, vs
"I trust any applet from XYZ Corp to access the file system outside of the
default sandbox")
..Mike
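The signer-keyed policy Mike sketches (grants keyed by who signed the applet or by the issuing CA, with unsigned code confined to the browser's default sandbox), written out as a small evaluator. This is an added example, not code from the list archive or any browser of the time; the applet fields, policy keys and privilege names are assumed, and signature verification is taken to have happened before the evaluator is consulted.

```python
from dataclasses import dataclass
from typing import Optional, FrozenSet

# Unsigned applets get nothing beyond the browser's default sandbox.
SANDBOX: FrozenSet[str] = frozenset()

@dataclass(frozen=True)
class Applet:
    name: str
    signer: Optional[str] = None     # subject named in the code-signing cert
    issuer_ca: Optional[str] = None  # CA that issued that cert
    # Assumed: the signature was already verified against the cert chain;
    # this evaluator only decides what a verified identity is allowed to do.

# Constructed policy in the shape the thread discusses: one grant per signer
# or per CA, not one per applet. Every product XYZ Corp ships is covered by a
# single ("signer", "XYZ") entry instead of a hundred per-object entries.
POLICY = {
    ("signer", "FOO"):  {"fs:local"},
    ("ca", "CAxxx"):    {"fs:local"},
    ("signer", "FU"):   {"net:remote"},
    ("ca", "CAyyy"):    {"net:remote"},
    ("ca", "CAzzz"):    {"net:remote"},
}

def grants_for(applet: Applet) -> FrozenSet[str]:
    """Privileges granted beyond the sandbox. Deny by default: an applet with
    no matching signer or CA entry gets exactly the sandbox."""
    if applet.signer is None:
        return SANDBOX
    granted = set()
    granted |= POLICY.get(("signer", applet.signer), set())
    granted |= POLICY.get(("ca", applet.issuer_ca), set())
    return frozenset(granted)

def is_allowed(applet: Applet, privilege: str) -> bool:
    """Authorization check the execution engine would call before an action."""
    return privilege in grants_for(applet)

if __name__ == "__main__":
    for a in (Applet("calc"), Applet("calc", "FOO", "CAxxx"),
              Applet("chat", "FU", "CAyyy"), Applet("tool", "BAR", "CAzzz")):
        print(a.name, sorted(grants_for(a)))
```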