Basic HTML version of Foils prepared May 19 99

Foil 143 Signed Script Policy-1

From Remarks on Internet and Java Security Basic Information Track Computational Science Course CPS616 -- Spring Semester 1999. by Geoffrey Fox, Mehmet Sen


The JavaScript security model for signed scripts is based upon the Java security model for signed objects. The scripts you can sign are inline scripts (those that occur within the SCRIPT tag), event handlers, JavaScript entities, and separate JavaScript files.
A signed script requests expanded privileges, gaining access to restricted information. It requests these privileges by using LiveConnect and the Java classes referred to as the Java Capabilities API. These classes add facilities to and refine the control provided by the standard Java SecurityManager class.
Access control decisions are given based on who, called principal, is allowed to do what, called target, and the privileges associated with the principal.



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Wed May 19 1999