[please cc: me on replies, I'm unsubscribed pending fixing my mail setup for
the summer]
John[/others]--
Way back in January we talked about security with XPConnect, if you want to do
something less silly than enabling UniversalXPConnect. After a lot of mucking
around, Sash has finally got its beautiful new runtime architecture, and I'm
getting around to fixing the security situation.
Basically I want to allow full xpconnect-happiness for our objects, and for
nothing else. In fact, if I could disable UniversalXPConnect (so that it
doesn't even work if the user says "yes", it just denies) I would do that.
You mentioned two things: nsISecurityCheckedComponent, and
nsIXPCSecurityManager. It looks to me like the only existing implementation of
nsIXPCSecurityManager is caps/src/nsScriptSecurityManager, which is no
lightweight. Which makes me think the simple thing to do is to make all our
objects SecurityCheckedComponents, and have them just allow AllAccess on
everything.
I actually gave this a shot, but it didn't work -- I saw the calls to
nsISecCheckComp go by, but xpconnect stopped working, whether or not I had
UniversalXPConnect on. Should this be working (i.e. was I doing something
wrong)?
Or is there a strong reason to implement an XPCSecurityManager?
thanks.
Ari Heitner