Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

protocol security

6 views
Skip to first unread message

Daniele Rizzo

unread,
Nov 27, 2006, 5:59:34 AM11/27/06
to
Can I enable/disable the privileges of UniversalXpConnect in a 'entire'
protocol (http://, file://) with CAPS (Configurable Security Preference)?

Boris Zbarsky

unread,
Nov 27, 2006, 7:14:15 PM11/27/06
to
Daniele Rizzo wrote:
> Can I enable/disable the privileges of UniversalXpConnect in a 'entire'
> protocol (http://, file://) with CAPS (Configurable Security Preference)?

Not really, no.

-Boris

Daniele Rizzo

unread,
Nov 28, 2006, 5:32:57 AM11/28/06
to

> Not really, no.

I find my solution -> in my security.js i've added this line:
##############################################################
......
user_pref("signed.applets.codebase_principal_support", false);
user_pref("capability.principal.codebase.p0.denied", "UniversalXPConnect");
user_pref("capability.principal.codebase.p0.id", "file:///");

user_pref("capability.principal.codebase.p1.granted", "UniversalXPConnect");
user_pref("capability.principal.codebase.p1.id", "search:///");
......
#############################################################

In this way i work with xpcom component in search:/// protocol, but no
with file:///.


Daniele Rizzo

unread,
Nov 28, 2006, 5:35:51 AM11/28/06
to
Daniele Rizzo wrote:
> Boris Zbarsky wrote:
>> Daniele Rizzo wrote:
>>> Can I enable/disable the privileges of UniversalXpConnect in a
>>> 'entire' protocol (http://, file://) with CAPS (Configurable Security
>>> Preference)?
>
>> Not really, no.

ERRATA CORRIGE:

user_pref("signed.applets.codebase_principal_support", true);

Boris Zbarsky

unread,
Nov 28, 2006, 8:34:25 AM11/28/06
to
Daniele Rizzo wrote:
> user_pref("capability.principal.codebase.p0.denied", "UniversalXPConnect");
> user_pref("capability.principal.codebase.p0.id", "file:///");

This is relying on implementation details of the file: protocol (which we
actually want to change).

> user_pref("capability.principal.codebase.p1.id", "search:///");

Same here.

This wouldn't work for http://, of course.

-Boris

Boris Zbarsky

unread,
Nov 28, 2006, 8:37:40 AM11/28/06
to
Daniele Rizzo wrote:
> user_pref("signed.applets.codebase_principal_support", true);

Note that this means that arbitrary untrusted websites can request privileges.

If what you really want is just to grant "UniversalXPConnect" to search:///, why
not leave that pref false? If that means the search:/// prefs don't work
(though they should), you could try

user_pref("capability.principal.codebaseTrusted.p1.granted", "UniversalXPConnect");
user_pref("capability.principal.codebaseTrusted.p1.id", "search:///");

-Boris

0 new messages