Security:Scattered Security Checks

From MozillaWiki

Abstract

This is a proposal for a security model for Gecko. The key idea of this proposal is that security checks are performed immediately before doing a possibly-unsafe operation and that the subject principal for any actions is tracked throughout the codebase. Contrast this with the proposal at Security:Security_Checks_In_Glue.

Conceptual description

In this model, security checks are performed as needed in the code flow. For example, before setting some internal member of a class, we could check whether the caller is allowed to set it. This model requires keeping track, throughout our code, of who "the caller" is. This is more or less the current model, except we pretty much completely screw it up.
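The following is an added illustration of the model described above; it is not code from this page or from Gecko, and every name in it (Principal, AutoSubjectPrincipal, Document, SubjectMayAccess) is a constructed stand-in. It shows the two ingredients the model depends on: the subject principal being carried through the call chain (here a thread-local pointer set by an RAII guard), and a check placed immediately before the sensitive write. It also shows the two ways the model fails in practice: a setter that forgets the check, and a code path that never established who the caller is, which the check here treats as "deny".

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>

// Constructed, simplified stand-in for a subject principal: the identity on
// whose behalf the current operation runs. Not Gecko's real Principal type.
struct Principal {
    std::string origin;   // e.g. "https://a.example", or "chrome" for system code
    bool isSystem;        // the system principal may touch anything
};

// Sample principals used by the scenarios below (constructed values).
const Principal kSystemPrincipal{"chrome", true};
const Principal kSiteA{"https://a.example", false};
const Principal kSiteB{"https://b.example", false};

// "Who is the caller?" must be tracked throughout the code. This model keeps it
// in a thread-local that callers set with an RAII guard and that is restored on
// scope exit, so a forgotten pop cannot leak a privileged caller downstream.
thread_local const Principal* gSubjectPrincipal = nullptr;

class AutoSubjectPrincipal {
public:
    explicit AutoSubjectPrincipal(const Principal* subject)
        : mSaved(gSubjectPrincipal) { gSubjectPrincipal = subject; }
    ~AutoSubjectPrincipal() { gSubjectPrincipal = mSaved; }
private:
    const Principal* mSaved;
};

struct SecurityError : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// The scattered check itself. An unknown caller (nullptr) fails closed: losing
// track of the subject principal must deny, not silently grant, access.
bool SubjectMayAccess(const Principal& object) {
    const Principal* subject = gSubjectPrincipal;
    if (subject == nullptr) return false;
    if (subject->isSystem) return true;
    return subject->origin == object.origin;   // same-origin rule
}

class Document {
public:
    explicit Document(Principal owner)
        : mOwner(std::move(owner)), mTitle("untitled") {}

    // The check sits immediately before the possibly-unsafe member write.
    void SetTitle(const std::string& title) {
        if (!SubjectMayAccess(mOwner)) throw SecurityError("SetTitle denied");
        mTitle = title;
    }

    // Failure mode: a setter whose author forgot the check. Any caller wins.
    void SetTitleUnchecked(const std::string& title) { mTitle = title; }

    const std::string& Title() const { return mTitle; }
private:
    Principal mOwner;
    std::string mTitle;
};

// Attempts a checked write on a fresh document owned by kSiteA on behalf of
// `subject`, and returns the resulting title so the outcome is observable.
std::string TitleAfterWrite(const Principal* subject, const std::string& title) {
    Document doc(kSiteA);
    AutoSubjectPrincipal guard(subject);
    try { doc.SetTitle(title); } catch (const SecurityError&) { /* denied */ }
    return doc.Title();
}

// Same scenario through the setter that lacks a check.
std::string TitleAfterUncheckedWrite(const Principal* subject, const std::string& title) {
    Document doc(kSiteA);
    AutoSubjectPrincipal guard(subject);
    doc.SetTitleUnchecked(title);
    return doc.Title();
}

int main() {
    std::cout << "same-origin:   " << TitleAfterWrite(&kSiteA, "hello") << "\n";
    std::cout << "cross-origin:  " << TitleAfterWrite(&kSiteB, "hello") << "\n";
    std::cout << "system:        " << TitleAfterWrite(&kSystemPrincipal, "hello") << "\n";
    std::cout << "unknown caller:" << TitleAfterWrite(nullptr, "hello") << "\n";
    std::cout << "missing check: " << TitleAfterUncheckedWrite(&kSiteB, "hello") << "\n";
    return 0;
}
```

The point of the two failing scenarios is that in this model every sensitive member write is its own enforcement point: a single setter without a check, or a single code path that loses the subject principal, is enough to bypass the policy, which is why the page contrasts it with a model that concentrates checks in one place.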

Pros and cons

Implementation notes