The various tests outlined above and summarized here must all
succeed before access to an object or property is granted.
The order of checks is something like this:
1. Check whether the (JavaScript) script is signed, and if so,
   whether the signature is valid.
   (The current Netscape security model does not allow access
   to some objects/methods unless the script presents a
   valid signature. One example is the user preferences object,
   navigator.preferences. We integrate this approach into our
   access control.)
2. Check for ACL violation.
   - Determine whether subject has permission to access object.
   - Check that the accessed object has not been setPrivate.
3. Check for property policy violation.
   - Determine which security policy applies (in order):
     site policy, global policy, default policy.
   - Check whether there's a property policy under
     the applicable security policy.
   - Check whether the property policy has been violated.
Note that this hierarchy means that even a signed script is not
granted unconditional access to JavaScript objects.
A signed script makes some parts of the object model accessible that
otherwise would not be, but
the signed script's code is still subject to the same set of checks as any
other script.
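
The check order above, sketched as an added example (not code from the original implementation). The function names, the shape of `state`, the treatment of a missing ACL entry as unrestricted, and the rule that a setPrivate object stays reachable only from its owning origin are all assumptions made for illustration.

```javascript
// Added illustration. Every name and data shape here is an assumption, not the paper's API.
const SIGNATURE_REQUIRED = new Set(["navigator.preferences"]); // example named on the page

const deny = (reason) => ({ allowed: false, reason });

// Step 3a: the first policy that exists applies, in the order site, global, default.
function selectPolicy(policies, site) {
  return (policies.site && policies.site[site]) || policies.global || policies.default;
}

function checkAccess({ script, object, property, mode }, state) {
  // Step 1: a presented signature must verify; some objects are closed to unsigned scripts.
  if (script.signed && !script.signatureValid) return deny("invalid signature");
  if (SIGNATURE_REQUIRED.has(object) && !script.signed) return deny("signature required");

  // Step 2: ACL, then setPrivate. Signed scripts get no exemption here.
  const acl = state.acls[object]; // assumption: no ACL entry means no ACL restriction
  if (acl && !acl.includes(script.origin)) return deny("ACL violation");
  // Assumption: a setPrivate object stays reachable only from its owning origin.
  if (state.privateObjects.has(object) && state.owners[object] !== script.origin)
    return deny("object is private");

  // Step 3: property policy under whichever security policy applies.
  const policy = selectPolicy(state.policies, script.origin);
  const rule = policy && policy.properties[`${object}.${property}`];
  if (rule && !rule[mode]) return deny("property policy violation");

  return { allowed: true, reason: "all checks passed" };
}

// Constructed sample state for the demonstration.
const state = {
  acls: { "window.history": ["https://a.example"] },
  privateObjects: new Set(["document.forms"]),
  owners: { "document.forms": "https://a.example" },
  policies: {
    site: { "https://b.example": { properties: { "document.cookie": { read: true, write: false } } } },
    global: { properties: { "document.cookie": { read: false, write: false } } },
    default: { properties: {} },
  },
};
const signedB = { origin: "https://b.example", signed: true, signatureValid: true };
console.log(checkAccess({ script: signedB, object: "window.history", property: "length", mode: "read" }, state));
```

The final call shows a validly signed script being stopped at the ACL check, which is the point of the closing paragraph.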
Alain Mayer
8/30/1999