-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[EMAIL PROTECTED] wrote:
> Neither have I. If you figure that out, I'd be very interested in
> learning it. Specifically, I've never found a way to correlate requests
> to a browser/window/tab/document.

We should talk with the mozilla team about this. Yes.

> Can I ask what you're trying to do with the form in the request
> observer? Maybe there's another way to get at the same goal.

Yes, quite possible. There are many ideas, but if you really are willing
to give me a (much needed) hand, I'd recommend that you give the
overlay.js file of my extension a quick look. The code is quite easy to
follow. I've written it with the purpose of making it easily
enhanceable/understandable.

In a nutshell, when the request is made, I check if it should be signed
or not (that's something the webmaster decides, let's say). If it should
be signed (currently, by checking the post's content for a certain
field=value pair), then it is processed through openpgp, and this new
payload is sent, instead of the unsigned one.

If anyone wants to check it out:
http://linux-consulting.buanzo.com.ar/2007/02/openpgp-signing-of-http-post.html

Abstract:

This document describes an extension to the HTTP POST [RFC 2616] method
that, along with compatible browser and server-side software, allows the
POST contents to be digitally signed, on the client side, and verified,
on the server side, by means of an OpenPGP standard [RFC 2440]
implementation on both sides. This allows web developers to add a new
layer of security to their applications, and if correctly implemented
will render data tampering / man in the middle attacks useless. The
direct benefit of implementing this extension is that web developers
will be able to verify the POST payload signature, potentially avoiding
session management, and/or login procedures.

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Mail Hosting Seguro y Consultoria - http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF0jiNAlpOsGhXcE0RAhF9AJ4tKdhQoAoy+xtJr19fuJBjuT0BHgCaAjIz
NYobyfWIj+x0ADrfqIIEDNE=
=znmD
-----END PGP SIGNATURE-----
_______________________________________________
Project_owners mailing list
Project_owners@mozdev.org
http://mozdev.org/mailman/listinfo/project_owners
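
Added example, not part of the original message and not code from the extension's overlay.js: the flow the message describes (check the POST content for a marker field=value pair, sign it client-side, verify it server-side) sketched for Node.js. Assumptions: the field names `sign_request` and `payload_sig` are hypothetical, the signature travels as a trailing form field, and an Ed25519 signature from Node's `crypto` module stands in for the OpenPGP signing step.

```javascript
// Added illustration; Ed25519 (Node crypto) is a stand-in for OpenPGP.
const crypto = require('crypto');

// Hypothetical marker pair a webmaster puts in the form to request signing.
const MARKER_FIELD = 'sign_request';
const MARKER_VALUE = 'required';
const SIG_FIELD = 'payload_sig'; // hypothetical field carrying the signature

// Client: does the urlencoded POST body contain the marker field=value pair?
// Parsing (not substring matching) keeps encoded values from matching.
function shouldSign(body) {
  return new URLSearchParams(body).getAll(MARKER_FIELD).includes(MARKER_VALUE);
}

// Client: return the body to send. Unmarked bodies pass through unchanged;
// marked bodies get a signature over their exact bytes appended.
function prepareBody(body, privateKey) {
  if (!shouldSign(body)) return body;
  const sig = crypto.sign(null, Buffer.from(body, 'utf8'), privateKey);
  return `${body}&${SIG_FIELD}=${sig.toString('base64url')}`;
}

// Server: split off the trailing signature field and verify the rest.
// Returns the verified body, or null if unsigned, malformed or tampered.
function verifyBody(received, publicKey) {
  const sep = `&${SIG_FIELD}=`;
  const at = received.lastIndexOf(sep);
  if (at < 0) return null;
  const body = received.slice(0, at);
  const sigText = received.slice(at + sep.length);
  if (!/^[A-Za-z0-9_-]+$/.test(sigText)) return null;
  const sig = Buffer.from(sigText, 'base64url');
  const ok = crypto.verify(null, Buffer.from(body, 'utf8'), publicKey, sig);
  return ok ? body : null;
}

// Constructed sample data: a throwaway key pair and a made-up form body.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const marked = 'amount=10&to=alice&sign_request=required';
const sent = prepareBody(marked, privateKey);
const tampered = sent.replace('amount=10', 'amount=9000');
console.log('intact body verifies:', verifyBody(sent, publicKey) === marked);
console.log('tampered body result:', verifyBody(tampered, publicKey));
```

The signature here covers only the body bytes, so an identical signed body verifies again if it is resent.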
