E.3 Code Signing Security Model

The ARCHIVE attribute described above hints at another major change in JavaScript 1.2: a new security model. The experimental data tainting model has been discarded and replaced with the more robust model used by Java applets. The model is conceptually fairly simple: JavaScript code signed by an entity that the user has declared to be trusted can have privileges that untrusted code does not. Those privileges include things like viewing the contents of the History array and submitting forms by e-mail. Essentially, the "hobbles" imposed on untrusted code are lifted for trusted code. In order to take advantage of these new capabilities, JavaScript code must be digitally signed, included in a JAR file, and must use LiveConnect to invoke Java methods that temporarily enable additional privileges.
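The enable-use-revert pattern that signed code followed, as an added example that is not from the book. The privilege manager Navigator 4 exposed through LiveConnect was netscape.security.PrivilegeManager with enablePrivilege and revertPrivilege, and "UniversalBrowserRead" was the privilege that unlocked reads such as the History array; those names are Netscape's. Everything else here is constructed: the navigator model that stands in for the browser's enforcement, the sample history entries, and the withPrivilege helper, so the code runs in any modern JavaScript engine rather than only inside Navigator 4.

```javascript
// Constructed model of the browser side: a PrivilegeManager look-alike
// plus one "hobbled" operation (reading history) that is only allowed
// while the matching privilege is enabled. Not Netscape's code.
function makeNavigatorModel(historyEntries) {
  const enabled = new Set();

  // Same method names as netscape.security.PrivilegeManager.
  const privilegeManager = {
    enablePrivilege(name) { enabled.add(name); },
    revertPrivilege(name) { enabled.delete(name); },
  };

  // The hobble: untrusted code (no privilege enabled) cannot read history.
  function history() {
    if (!enabled.has("UniversalBrowserRead")) {
      throw new Error("access denied: UniversalBrowserRead is not enabled");
    }
    return historyEntries.slice();
  }

  return {
    privilegeManager,
    history,
    isEnabled: (name) => enabled.has(name),
  };
}

// Run fn with `privilege` enabled and revert it on every exit path, so the
// privileged window is exactly the duration of the call, even if fn throws.
function withPrivilege(privilegeManager, privilege, fn) {
  privilegeManager.enablePrivilege(privilege);
  try {
    return fn();
  } finally {
    privilegeManager.revertPrivilege(privilege);
  }
}

// A signed script's privileged operation: copy the history URLs out while
// UniversalBrowserRead is enabled, then drop the privilege again.
function readHistoryUrls(nav) {
  return withPrivilege(nav.privilegeManager, "UniversalBrowserRead", () =>
    nav.history()
  );
}

// Stand-alone usage with constructed sample data.
const nav = makeNavigatorModel([
  "http://example.com/a",
  "http://example.com/b",
]);
console.log(readHistoryUrls(nav));                    // both entries
console.log(nav.isEnabled("UniversalBrowserRead"));   // false: reverted
```

The point of the try/finally is the part that matters for review: a script that enables a privilege and forgets to revert it on an error path leaves every later piece of code on that page, trusted or not, running with the hobbles lifted.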