"Gervase Markham" <[EMAIL PROTECTED]> wrote > You haven't yet established why these zones are necessary.
Zones (like those used in Internet Explorer) are a great and commonly used concept of most security and policy models. Imagine the Linux filesystem or a firewall without group rights. Binding rights to a specific entity without a group abstraction (like whitelisting websites for a specific right like www.mozilla.org -> popups=true) is just a configuration nightmare - mainly because complexity explodes exponentially with the number of websites and features.

Imagine someone joins/leaves your company and you need to grant him rights to the fileserver, mailserver, 20 application servers by whitelisting him on each? Isn't it much more simple to add/remove him to/from the "employee" group and that's it?!

Imagine the following situation: You are the webmaster of a huge, worldwide company. You are running several intranets and extranets inside your company. Most of them require javascript, a few require popups and a few others require privileged XUL based on codebase principals. You need to configure about 300 domains (30 applications x 10 countries) classified into the 4 groups/zones (javascript, popups, privileged XUL and "internet zone").

Tell me why a website whitelist for each feature is better than creating 4 zones, granting them the needed rights and then binding the websites to the zones? Or why I should harm an intranet website requiring javascript, because a security issue in the internet (zone) requires disabling javascript for a few days outside of the intranet (currently javascript is a global on/off)? Especially when I am not a single user but the administrator for 10.000 users running business critical web-based applications.

Michael

_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
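
The zone model argued for in the message above, as an added example that is not part of the original post and not Mozilla or Internet Explorer code: rights are granted to zones, hosts are bound to zones, and revoking a right in one zone is a single change that leaves the other zones untouched. The class and method names, the hostnames, and the exact rights given to each zone are assumptions made for illustration.

```javascript
// Hypothetical policy model; none of these names are real browser APIs.
const FEATURES = ["javascript", "popups", "privilegedXul"];

class ZonePolicy {
  constructor(defaultZone) {
    this.defaultZone = defaultZone;
    this.zones = new Map();    // zone name -> Set of granted features
    this.bindings = new Map(); // exact hostname -> zone name
    this.zones.set(defaultZone, new Set());
  }
  defineZone(name, features) {
    for (const f of features) {
      if (!FEATURES.includes(f)) throw new Error(`unknown feature: ${f}`);
    }
    this.zones.set(name, new Set(features));
  }
  bind(host, zone) {
    if (!this.zones.has(zone)) throw new Error(`unknown zone: ${zone}`);
    this.bindings.set(host.toLowerCase(), zone);
  }
  zoneOf(host) {
    // A host with no binding always resolves to the default zone.
    return this.bindings.get(host.toLowerCase()) || this.defaultZone;
  }
  allows(host, feature) {
    return this.zones.get(this.zoneOf(host)).has(feature);
  }
  revoke(zone, feature) {
    // One change; it applies to every host currently bound to the zone.
    this.zones.get(zone).delete(feature);
  }
}

function buildExamplePolicy() {
  const p = new ZonePolicy("internet");
  // Assumed grants for the four zones named in the message.
  p.defineZone("internet", ["javascript"]);
  p.defineZone("javascript", ["javascript"]);
  p.defineZone("popups", ["javascript", "popups"]);
  p.defineZone("privileged-xul", ["javascript", "popups", "privilegedXul"]);
  // Constructed sample hosts standing in for the ~300 intranet domains.
  p.bind("wiki.corp.example", "javascript");
  p.bind("hr.corp.example", "popups");
  p.bind("admin.corp.example", "privileged-xul");
  return p;
}
```

Calling `revoke("internet", "javascript")` on this policy turns scripting off for every unbound site while `wiki.corp.example` keeps it, which is the incident scenario described in the message.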