I should learn to try things out before I ask silly questions. Changing
my setup so that Thunderbird uses SSL seems to have resolved the issue.
That said, it seems odd that *this* group needs SSL but others do not.
Mike Beltzner wrote:
I've been seeing this as well. Dave? Any suggestions? Does
I've been seeing this as well. Dave? Any suggestions? Does this group
require SSL or something?
cheers,
mike
On 2/28/06, Doug Ludy <[EMAIL PROTECTED]> wrote:
> For some reason I have been unable to transition from the
> netscape.public.security newsgroup to mozilla.dev.security. When I try
> to
Brendan Eich wrote:
2. SpiderMonkey reflects __proto__ and __parent__ for all objects,
again using per-property getter and (for __parent__) setter
Oops, I meant "(for __proto__)" before "setter" above -- __parent__ is
read-only.
This informal write-up contains some boss-level browse
Whoops, I guess that's just another way to put what you were saying.
The proxy model could emulate Linux the kernel's copy_to_user and
copy_from_user, but that leads to another question -- how do you
ensure you're using the proxy correctly, and not accidentally passing
in references.
On 3/10/06,
Is it easier (or more desirable) to make a function that clones a
trusted object, but changes the type so that the sandbox can't
reference trusted APIs from the clone? Or, if the object is a
function, to make it so the sandbox can't introspect on the function?
On 3/10/06, Fritz Schneider <[EMAIL
> We should scrap all this and do something better.
I'm really glad to see that there's interest in a new and better
design.
> One thought I had the other week is to enable privileges implicitly
> based on "latent trust": site has good CA-signed cert, you've connected
> with SSL, you've got a pas
Fritz Schneider wrote:
This direction of access (untrusted is handed a "trusted" object by
trusted code) is not safe.
Then it sounds like it is the case that there is no possible way to
safely expose an interface to code in a sandbox?
We *think* we've secured the paths in t
For some reason I have been unable to transition from the
netscape.public.security newsgroup to mozilla.dev.security. When I try
to retrieve messages from news.mozilla.org via port 119, I get a message
at bottom of the Thunderbird screen saying "There are no new messages on
the server." So far
Hi,
I would like to generate an X.509 certificate singed with PKCS#1v2.1 PSS
scheme.
Can anyone recommend a tool for that?
Can anyone send me an exmaple x.509 singed by this scheme?
--
View this message in context:
http://www.nabble.com/generation-of-X.509-certificate-t1192097.html#a3142100
Se
Fritz Schneider wrote:
BTW, with respect to this statement:
This direction of access (untrusted is handed a "trusted" object by
trusted code) is not safe.
Is this due to bugs or policy? That is, in the absence of bugs in this
area, would this direction be safe?
There are a few
Londerzeel, Belgium, 3rd of March 2006
Dear sirs,
I am a novellist and I'm writing a new book in which I'm referring on
e-mail traffic.
I'd like to ask you if it's is technically possible to receive an e-mail
of which the source-code is not mentioning the date of release or a
date of release
Boris Zbarsky wrote:
Brendan Eich wrote:
One thought I had the other week is to enable privileges implicitly
based on "latent trust": site has good CA-signed cert, you've
connected with SSL, you've got a password saved for this site, you are
logged in.
Such a site could have some awesome pow
Boris Zbarsky wrote:
In this case, I think we do have an answer, though: "Someone found a
situation where an object and its __proto__ were in different trust
domains, and our policy is to not allow access to things from a
different trust domain, so we need to check when getting the
__proto__.
In case this was too verbose, I'll summarize: I'm suggesting that many
applications that require cross-context communication might be solved
with the combination of:
(1) easy object (de)serialization to/from strings and
(2) a proxy object that safely passes strings across contexts (via a
proxy mod
Brendan Eich wrote:
The better course in my view is to take charge of our destiny.
That would be preferred (though we may need a backwards-compat shim for the
three or four capabilities we support now).
One thought I had the other week is to enable privileges implicitly
based on "latent tru
Fritz Schneider wrote:
Doesn't seem to be able to (I get a security exception accessing
.__proto__ on the privileged object).
That's because of one of those JS-level checks (JS calls the hook, the
CAPS code implements it).
We check __proto__, __parent__, .constructor, and
scripted getter or set
16 matches
Mail list logo