[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Securing ActiveX.
On Tue, 17 Dec 1996, Blake Coverett wrote:
> It's not a Java vs ActiveX thing for me at all. What is important is that
> some of the applets I write can't function in a sandbox, they need access
> to the disk and other resources for business reasons. For this type of
> thing signed code without a sandbox is the only choice.
Sure they can. Get a file system that honors security and limit that
applet's access to certain directories only where the data it needs
lives. Do not give it access to everything. A sandbox will allow this.
> What I'd really like is the sort of thing Bill Frantz is describing on
> another branch of this thread. Signed code and an administrator
> defined policy that specified for a given signature exactly what
> types of resources should be accessible. Anything from don't
> execute and audit a security alarm to complete access to the
> whole machine.
Same difference whether you use the signature or some other thing to
grant or revoke access to certain resources. Though if you use a
signature as in the author who wrote it as opposed to something like a
CRC which is unique for every control - then you are opening a wider hole
than you want. With apps like that you want to set security perms for
each application, not all applications that were written by Macrosoft. :)
> > How many users know how to download the jdk and run the java vm locally?
> They don't need to. All they need to do is unzip the java classes into their
> classpath and all of the normal restrictions on an applet are ignored.
> Think it would be very hard to persuade a user to do just that in order
> to play a kewl java game? More importantly it shows that even expert
> users don't always know where the holes in the sandbox are.
Fine - how many game users who how to unzip the java classes into their
classpath? Question is of knowledge not of what action they will take.
.+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\.
..\|/..|sunder@sundernet.com|boots on; If you're gonna try, just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/.
.+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================