Basic HTML version of Foils prepared April 7 1998

Foil 121 Scripts Signed by Different Principals

From Basic Principles of Java and Internet Security CPS616 Web Technologies -- Spring 98. by Geoffrey C. Fox


1 Since JavaScript does not have internal protection mechanisms like Java, e.g., protected and private, and object properties including methods can be changed at runtime, simple signing of scripts is sometimes not secure enough.
2 Different scripts from different principals on the same page can change each other's behaviour.
3 Security of the JavaScript is ensured by the following assumption:
4 Mixed scripts on an HTML page operate as if they were all signed by the intersection of the principals that signed each script.
5 For example, assume principals A and B have signed one script, but only principal A signed another script. In this case, a page with both scripts acts as if it were signed by only A.
6

in Table To:


© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Sun Nov 29 1998