Oh dear, I'm on my phone and my finger slipped aha :] * Is greasemonkey secure / protected from site owners running scripts with user-script level privileges?
* Is greasemonkey secure / protected from malicious scripts sniffing passwords and sending them off elsewhere? * Is greasemonkey secure / protected from scripts / websites being able to edit files on disk (within the script folder / within the firefox profile / other user folder items / protected operating system files)? * Is greasemonkey secure / protected from other people with physical/remote access to your system and can they install scripts without your knowledge? -> Can they hide/obscure the presence of any scripts? * Is greasemonkey secure / protected from other addons or other programs/addons/Firefox bugs etc? * Will gm interfere with other programs/addons/firefox instances or profiles? I could probably continue for quite a while longer and still not list everything, but hopefully it helps jump-start you on your way to defining what you mean when you say "secure". If it is still a blanket far-reaching answer that you want, I'm going to say no. Before anyone starts panicking, I refer you back to my trust model - I'm not saying that greasemonkey is vulnerable, I'm just saying that despite not knowing of any specific attacks* (though as a non-dev this doesn't necessarily count for much), I can't guarantee that it is safe so I'm not prepared to declare otherwise. All it takes is a single new exploit to appear to make something proveably insecure, but it is nigh on impossible to prove something secure with the budget of a free open-source project (or even a billion dollar project for that matter - just take a look at Microsoft, Sony, Adobe and the American intelligence services** for just a few examples!) Anyhow, must stop myself here before I miss my stop - please don't take any offence at anything I've said, I just get a little worked up at when 'security' is so naively oversimplified like this (and when the devs don't know much better, but with such a broad topic you can't expect everyone to know everything.. but that is a rant for another night :] ). Kind regards, kwah * other than malicious scripts and unauthorised access to your system, of which I don't believe neither are issues that Greasemonkey should / can reasonably protect you from. I don't mind sharing the reasoning behind this if you want, which basically boils down to trust. ** Research Gary McKinnon and Wikileaks for starters.. On 31 Aug 2011 17:08, "Anna Morimoto" <[email protected]> wrote: On 8/31/2011 9:41 AM, Anthony Lieuallen wrote: > > On Wed Aug 31 07:43:27 2011, Anna Morimoto wrote:... Only if you can't read English. The other add-on developers I've queried have answered this same question with a yes or a no. If you can't answer no, then the answer must be yes. I like greasemonkey, but I like the truth more. -- You received this message because you are subscribed to the Google Groups "greasemonkey-users" g... -- You received this message because you are subscribed to the Google Groups "greasemonkey-users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/greasemonkey-users?hl=en.
