On 11/27/2009 12:39 PM, Gervase Markham:
Similarly, there will be Jetpacks which work with your password store and those which don't. How do you deal with that? Just let all Jetpacks read the password store? Or have a permissions model? If you have one, what's to stop users just clicking "Yes"?
Regarding the above specific example I believe it IS about code and not author. Access to the password store must happen in the same manner as Firefox implements it, e.g. poke for the master password every time this happens.
The only solution to this problem, IMO, is to authenticate authors, not code. If you know who the author is, to a sufficient level that there's some chance of a policeman feeling his collar if he turns out to have written code which steals all your passwords, then there's an incentive for good behaviour. (This is how EV SSL certs work.) Of course, this works against "anyone can author an add-on and put it on the web and have people use it"...
As such, this is what code signing certificates really provide and obviously I'd support that ;-)
-- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: start...@startcom.org Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
