Hi.

We're developing a CSP that works within a flash memory stick with a USB
interface, with its own OS that offers services through sockets.

We've got a PKCS#11 module that works on Firefox, and we wanted to develop an
XPCOM component to provide a set of JavaScript functions to interact
with the CSP device, in order to access certain services from a script
(signing, getting the device id, etc.).

I read a lot of documentation, made some tests and
implemented a trivial component and some scripts to test how it
worked.

I found that, to call the functions defined on the component in the
client, the script needs to obtain extended privileges, and the only
way to gain them is using a signed script or enabling codebase
principals. Enabling codebase principals in the client isn't a good
idea, so the only way is to use signed scripts.

The problem comes with the new model applied from Communicator 4 onwards.
Everything (HTML page, scripts and signature files) has to be inside a
JAR package. This makes it impossible to invoke scripts using standard
URLs (you need to use one of the form jar:http:...!file.jar/page.html), making
it horrible to create dynamic web pages.

Am I right? I mean, is this the only way to extend the JavaScript
functionality in Firefox?

About the privileges: is UniversalXPConnect the only privilege I can
have? Are there any other, more restricted privileges?

About the model used formerly (script signature referenced by an
attribute on the script tag): isn't it supported anymore? And, I
hope I'm not rude asking this, what was the reason for deciding to change
it?

I'd be thankful for any suggestion you may give me to help finish this project
properly, and for correcting me if there's any other way to use XPCOM
functions from a script.

Thank you very much for your attention.

PS: I'd like to suggest something. It's only my point of view, and I
know it may be difficult to bring this up, but I just want to give some
ideas that may be good or may suggest better ones.

The security problem is that, if you gain UniversalXPConnect
privileges, you can access both your component and any other critical
components that come with Firefox. I think that the solution comes by
defining different security levels to access the components. Now there
are only scriptable or non-scriptable components, but scriptable
components should be classified within 2 or 3 levels, leaving a level
for non-critical components. (All in all, users always install
extensions or things like that without knowing what they really do.) And
each level should accept scripts with different levels of trust (top
level JAR method, middle level pre-JAR method, and lower level no
signing). Suggest things around this. Thank you.

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
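As an added example, not code from the original message or from Mozilla: a small JavaScript parser for the jar: URL form the message complains about, jar:<archive-url>!/<entry>. It shows concretely why the JAR model is awkward for dynamic pages: the page is a fixed entry inside a signed archive, so the archive URL is the only part a server can vary. Splitting on the last "!/" for nested archives and restricting the archive to http/https are this example's own assumptions.

```javascript
"use strict";

// Added example (not from the original message or from Mozilla's code):
// parse and build jar: URLs of the form jar:<archive-url>!/<entry>.
const SEP = "!/";

// Split a jar: URL into the archive URL and the entry path inside it.
// Returns null when the string is not a well-formed jar: URL.
function parseJarUrl(url) {
  if (typeof url !== "string" || !url.toLowerCase().startsWith("jar:")) return null;
  const rest = url.slice(4);
  // Assumption of this example: for nested archives
  // (jar:jar:http://h/outer.jar!/inner.jar!/page.html) the outermost
  // separator is the last "!/", so everything before it is the archive.
  const idx = rest.lastIndexOf(SEP);
  if (idx <= 0) return null;
  const archive = rest.slice(0, idx);
  const entry = rest.slice(idx + SEP.length);
  // The archive part must itself be an absolute URL with a scheme.
  if (!/^[a-z][a-z0-9+.-]*:/i.test(archive)) return null;
  return { archive, entry };
}

// Build a jar: URL for a page inside a signed archive.
function toJarUrl(archive, entry) {
  return "jar:" + archive + SEP + entry.replace(/^\/+/, "");
}

// Check whether a URL fits the signed-script JAR model as described in
// the message: the page must live inside an archive fetched over HTTP(S)
// (so the signature files travel with it) and must name a real entry.
// Anything a server wants to vary per request has to go on the archive
// URL, since the entry path is fixed when the archive is signed.
function isSignedScriptCandidate(url) {
  const p = parseJarUrl(url);
  if (!p || p.entry.length === 0) return false;
  let u;
  try {
    u = new URL(p.archive);
  } catch (e) {
    return false; // malformed archive URL
  }
  return u.protocol === "http:" || u.protocol === "https:";
}

module.exports = { parseJarUrl, toJarUrl, isSignedScriptCandidate };
```

A plain http://host/page.html is rejected by isSignedScriptCandidate, which is exactly the restriction the message describes: once the page is served as an ordinary document rather than as an entry of a signed archive, the signed-script privileges are not available to it.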
