Basic HTML version of Foils prepared May 19 99

Foil 148 Scripts Signed by Different Principals

From Remarks on Internet and Java Security Basic Information Track Computational Science Course CPS616 -- Spring Semester 1999. by Geoffrey Fox, Mehmet Sen
Since JavaScript does not have internal protection mechanisms like Java, e.g., protected and private, and object properties including methods can be changed at runtime, simple signing of scripts is sometimes not secure enough.
Different scripts from different principals on the same page can change each other's behaviour.
Security of the JavaScript is ensured by the following assumption:
Mixed scripts on an HTML page operate as if they were all signed by the intersection of the principals that signed each script.
For example, assume principals A and B have signed one script, but only principal A signed another script. In this case, a page with both scripts acts as if it were signed by only A.

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Wed May 19 1999