Necko: Electrolysis design and subprojects: Difference between revisions

Jump to navigation Jump to search

Necko: Electrolysis design and subprojects (view source)

Revision as of 05:28, 23 September 2009

610 bytes added ,  23 September 2009
→‎Security Issues
Line 106: Line 106:
= Security Issues =
= Security Issues =


=== Do we want to check principals in the chrome process? ===
== Race conditions ==
 
* Could one frame navigate another frame without permission
* Could one window script into another window without permission
 
== Domain isolation ==
 
* Do we try to restrict cookies to per process / per window
* Can we actually authenticate a network request from a given content process
* How do we handle access to file:// and related schemes... trusting content process might be too much (see below)
* If we do try to isolate, how do we verify the validity of a request (do we need to have a stateful proxy to determine which content is valid to access cross-domain and which isn't)
 
== Do we want to check principals in the chrome process? ==


  (heard on IRC...)
  (heard on IRC...)
Ladamski
Confirmed users
717

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/170133"

Navigation menu