Basic HTML version of Foils prepared April 7 1998

Foil 116 Signed Script Policy-1

From Basic Principles of Java and Internet Security CPS616 Web Technologies -- Spring 98. by Geoffrey C. Fox


The JavaScript security model for signed scripts is based upon the Java security model for signed objects. The scripts you can sign are inline scripts (those that occur within the SCRIPT tag), event handlers, JavaScript entities, and separate JavaScript files.
A signed script requests expanded privileges, gaining access to restricted information. It requests these privileges by using LiveConnect and the Java classes referred to as the Java Capabilities API. These classes add facilities to and refine the control provided by the standard Java SecurityManager class.
Access control decisions are given based on who, called principal, is allowed to do what, called target, and the privileges associated with the principal.



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Mon Apr 6 1998