2012/9/24 David Bruant <[email protected]> > Le 23/09/2012 22:04, Herby Vojčík a écrit : > > Hello, > > > > maybe I missed something, but how will you secure the whitelist > > itself? Malicious proxy knowing righteous one can steal its whitelist, > > afaict. > I'm sorry, I don't understand what you're saying here. Can you be more > specific and provide an example of an attack? > > As far as I'm concerned, I consider the design secure, because it's > possible to easily write code so that only a proxy (or it's handler to > be more accurate) has access to its whitelist and nothing else.
Right. Perhaps what Herby meant is that the proxy might provide a malicious whitelist to steal the names being looked up in them. This will be prevented by requiring the whitelist to be a genuine, built-in WeakSet. The proxy will use the built-in WeakSet.prototype.get method to lookup a name in that whitelist, so a proxy can't monkey-patch that method to steal the name either. Cheers, Tom
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
