Next: References
Up: A User's and Programmer's
Previous: User Interface Changes
We have described the benefits of our model and implementation
for the end user and the JavaScript programmer. Our model
furthermore benefits the Mozilla developers: If new security bugs
emerge, browser developers can use specialized fine-grained policies
that control access to sensitive objects in order to identify
paths that need to be followed to mount a successful security
breach. Furthermore, in case of such a security bug, Mozilla can make
available specially tailored policies to download, which protect against
exploitation of this security bug. This is a more desirable course of
action than the current practice of suggesting turning off
JavaScript entirely until a bug fix is available.
(Our current implementation allows only predefined security policies,
but it could be further developed to provide for user-defined policies.)
Our positive experience with using site-specific security policies indicates
that such policies for the whole browser (on-off for cookies, Java,
JavaScript, etc.) should be considered.
We hope that the final implementation will be scrutinized
early on by the Mozilla open source community, so that remaining weaknesses
can be identified before they become actual ``bugs''.
Acknowledgments:
We thank Murali Rangarajan, who did the initial work on the
implementation of the new security model.
We are grateful to Norris Boyd and Tom Pixley
at Netscape for their help and encouragement. Finally,
Eric Brewer at Inktomi, in his role as USITS shepherd,
helped us to make a number of improvements.
Next: References
Up: A User's and Programmer's
Previous: User Interface Changes
Alain Mayer
8/30/1999