|
As does Java, JavaScript supports codebase principals. A codebase principal is a principal derived from the origin of the script rather than from verifying a digital signature of a certificate. Since codebase principals offer weaker security, they are disabled by default in Communicator.
|
|
To enable codebase principals, end users must add the appropriate preference to their Communicator preference file:
|
|
user_pref("signed.applets.codebase_principal_support", true);
|
|
If enabled, when the user accesses the script, a dialog displays similar to the one displayed with signed scripts. The difference is that this dialog asks the user to grant privileges based on the URL and doesn't provide author verification. It says that the script has not been digitally signed and may have been tampered with.
|
|
|
