Security:Security Checks In Glue: Difference between revisions

Jump to navigation Jump to search

Security:Security Checks In Glue (view source)

Revision as of 21:42, 12 September 2006

589 bytes added ,  12 September 2006
→‎Pros and cons
Line 19: Line 19:


= Pros and cons =
= Pros and cons =
There are several benefits to this approach.  First, it's reasonably simple to implement.  Second, it eliminates action-at-a-distance issues like [https://bugzilla.mozilla.org/show_bug.cgi?id=287446 Bug 287446].  Third, it should be possible to make this very fast.
The most obvious drawback is that you don't get a defence-in-depth setup.  That is, once something gets into C++ code, there are no more security checks.  This means that JS-accessible methods have to be written with a bit of care, with all codepaths out of them examined and corresponding security checks done up front.


= Implementation notes =
= Implementation notes =
Bzbarsky
308

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/33831"

Navigation menu