
Hierarchy of Tests: "Hedging Your Bets"

The various tests outlined above and summarized here must all succeed before access to an object or property is granted. The order of checks is something like this:
1. Check whether the (JavaScript) script is signed, and if so, whether the signature is valid. (The current Netscape security model does not allow access to some objects/methods unless the script presents a valid signature. One example is the user preferences object, navigator.preferences. We integrate this approach into our access control.)
2. Check for ACL violation.
3. Check for property policy violation.

Note that this hierarchy means that even a signed script is not granted unconditional access to JavaScript objects. A signed script makes some parts of the object model accessible that otherwise would not be, but the signed script's code is still subject to the same set of checks as any other script.
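
The check order above as a small JavaScript sketch, added here as an illustration and not taken from the paper's implementation. The `checkAccess` function, the `acl` and `propertyPolicy` tables, the origins, and the default deny for objects without an ACL entry are all assumptions; only `navigator.preferences` comes from the text.

```javascript
// Hypothetical sketch of the three-step hierarchy; all names and data shapes
// are assumptions made for illustration.
const deny = (reason) => ({ granted: false, reason });

// Objects reachable only by validly signed scripts (example from the text).
const SIGNED_ONLY = new Set(["navigator.preferences"]);

// Constructed sample state: object -> origins allowed by its ACL.
const acl = {
  "navigator.preferences": ["https://trusted.example"],
  "document": ["https://trusted.example", "https://other.example"],
};

// Constructed sample state: object -> properties marked private.
const propertyPolicy = {
  "document": new Set(["cookie"]),
};

function checkAccess(script, object, property) {
  // 1. Signature: a presented signature must be valid, and some objects
  //    are not reachable at all without one.
  if (script.signed && !script.signatureValid) return deny("invalid signature");
  if (SIGNED_ONLY.has(object) && !script.signed) return deny("signature required");

  // 2. ACL: applies to signed and unsigned scripts alike.
  //    Objects with no ACL entry are denied in this sketch.
  const allowed = acl[object] || [];
  if (!allowed.includes(script.origin)) return deny("ACL violation");

  // 3. Property policy: private properties stay off limits even after
  //    the signature and ACL checks have passed.
  const priv = propertyPolicy[object];
  if (priv && priv.has(property)) return deny("property policy violation");

  return { granted: true, reason: null };
}

// A valid signature unlocks navigator.preferences only for an origin that
// also passes the ACL; it does not bypass steps 2 and 3.
const signedOther = { origin: "https://other.example", signed: true, signatureValid: true };
console.log(checkAccess(signedOther, "navigator.preferences", "homepage"));
```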


Alain Mayer
8/30/1999