Doug Turner wrote: > 1) should a socket know about what document it is loading it? Or is > there a cleaner way of doing this?
What basically needs to happen is that some time after we get the IP address being loaded we need to still know the principal doing the load. Whether this happens in the socket transport or in the DNS resolver consumer (are they the same thing?) doesn't matter that much. Due to the fact that the principal is not passed through in the Necko APIs, I suspect that any solution we create will be per-protocol and in particular any extension implementing a protocol handler would reopen the hole unless it took special measures... It might be that we'll at least protect the extensions that map their protocol to HTTP; depends on how we set this up. > 2) if we were to implement this sort of security mechanism, should we go > the route of the security UI, and watch pages (and DNS resolution) > externally? We would have to add a new API to the socket transport so > that we would be able to get these DNS resolution notifications. That would obviate the need for per-protocol things, right? The problem then remains one of matching up loading principal with each load. Note that the security UI doesn't get things all that right, in the end. :( -Boris _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
