phpbar.de logo

Mailinglisten-Archive

[php] PHP, MySql und PGP

[php] PHP, MySql und PGP

Kristian =?iso-8859-1?Q?K=F6hntopp?= kk_(at)_netuse.de
Tue, 13 Jul 1999 14:22:18 +0200


Kristian Köhntopp wrote:
> Ulf Wendel wrote:
> > JavaScript kann per Definition nicht auf die Festplatte
> > oder gar auf Binaries auf derselbigen zugreifen (ja,
> > es gibt Bugs, die wenige Teile anzeigen).
> 
> Keine Regel ohne Ausnahme: Abgesehen von Bugs gibt es noch
> 
> http://msdn.microsoft.com/library/partbook/instantj/html/scriptbasedsecurity.htm

http://developer.netscape.com:80/viewsource/goodman_sscripts.html
THE JAVASCRIPT APOSTLE: APPLYING SIGNED SCRIPTS 

Perhaps the most frequently asked questions on JavaScript newsgroups begin with "Can JavaScript do...?" Unfortunately the most frequent answer has been "No." Common requests encompass capabilities that Web application developers would find helpful in their designs: reading and writing files on the client; adjusting main browser window characteristics; or as simple as
offering a pretty button to initiate printing of the page. Standing in our way has been a  ecurity model that prevents even well-meaning access to client machines and browser information. The problem, of course, is that just as an angelic developer can do good with these powers, Web tricksters might do less than good - perhaps downright evil - to unsuspecting Web users. 

The good news is that with the arrival of Netscape Communicator, Web developers can now use a technology called signed objects in Netscape clients to access some of this forbidden client territory - always with the client's permission. A cooperative effort by JavaSoft and Netscape, the scheme allows applets and scripts to be electronically signed by their authors. Before an operation that is considered risky according to the old security model can run, the applet or script asks the user (via a dialog box) whether he or she trusts the page's author to access those normally protected areas of the browser or client computer. Importantly, the access request can be limited and clearly explained to the user instead of demanding "all or none" access to the client's system. 

If you are an author, putting your "John Hancock" on a script is not an entirely automatic process. Employing object-signing techniques in JavaScript-enhanced pages requires a little bit of code that may be unfamiliar to you (especially if you haven't worked with Navigator 3's LiveConnect technology, which allows scripts to communicate with Java applets and classes).
You must also use some Netscape tools that are still under construction as of this writing (July 1997). In this article I will highlight what you need to know about object signing to use it with JavaScript. 

[ del del del ]


und weiter dann mit

http://developer.netscape.com:80/docs/manuals/communicator/jssec/contents.htm
JavaScript Security in Communicator 4.x

http://developer.netscape.com:80/docs/manuals/signedobj/
OBJECT SIGNING RESOURCES

http://developer.netscape.com:80/docs/manuals/signedobj/trust/owp.htm
NETSCAPE OBJECT SIGNING: ESTABLISHING TRUST FOR DOWNLOADED SOFTWARE 

http://developer.netscape.com:80/docs/manuals/signedobj/signtool/contents.htm
Signing Software with Netscape Signing Tool 1.1 

-- 
Kristian Köhntopp, NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany, +49 431 386 436 00
Using PHP3? See our web development library at
http://phplib.shonline.de/ (GPL)


php::bar PHP Wiki   -   Listenarchive