Gervase Markham wrote:
I don't care if the petnames toolbar was proposed by your grandmother, the man in the moon or Bruce Schneier. It will be evaluated in exactly the same way.
What's more I see no connexion with the page Ian referenced (Application and not only user level rights definition) and petname.
Application level rights definition is certainly the way of the future, They certainly are not the only one to have figured that out, but there are still some very serious problems to solve to make it work in the real life.
In fact outbound firewalls implements a tiny subset of it, and already show where the problem lies. It's about impossible that the product determines only by itself what rights any application should get. If you leave it like that, you break useful applications. If you implement a priviledge escalation mechanism, the clueless user will not be able to make the difference between a legitimate escalation request and a bad one. That tech won't work as long as you don't find a proper solution to this problem, and that's anything but an easy one.
_______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
