Google グループは Usenet の新規の投稿と購読のサポートを終了しました。過去のコンテンツは引き続き閲覧できます。
Dismiss

protocol security

閲覧: 6 回
最初の未読メッセージにスキップ

Daniele Rizzo

未読、
2006/11/27 5:59:342006/11/27
To:
Can I enable/disable the privileges of UniversalXpConnect in a 'entire'
protocol (http://, file://) with CAPS (Configurable Security Preference)?

Boris Zbarsky

未読、
2006/11/27 19:14:152006/11/27
To:
Daniele Rizzo wrote:
> Can I enable/disable the privileges of UniversalXpConnect in a 'entire'
> protocol (http://, file://) with CAPS (Configurable Security Preference)?

Not really, no.

-Boris

Daniele Rizzo

未読、
2006/11/28 5:32:572006/11/28
To:

> Not really, no.

I find my solution -> in my security.js i've added this line:
##############################################################
......
user_pref("signed.applets.codebase_principal_support", false);
user_pref("capability.principal.codebase.p0.denied", "UniversalXPConnect");
user_pref("capability.principal.codebase.p0.id", "file:///");

user_pref("capability.principal.codebase.p1.granted", "UniversalXPConnect");
user_pref("capability.principal.codebase.p1.id", "search:///");
......
#############################################################

In this way i work with xpcom component in search:/// protocol, but no
with file:///.


Daniele Rizzo

未読、
2006/11/28 5:35:512006/11/28
To:
Daniele Rizzo wrote:
> Boris Zbarsky wrote:
>> Daniele Rizzo wrote:
>>> Can I enable/disable the privileges of UniversalXpConnect in a
>>> 'entire' protocol (http://, file://) with CAPS (Configurable Security
>>> Preference)?
>
>> Not really, no.

ERRATA CORRIGE:

user_pref("signed.applets.codebase_principal_support", true);

Boris Zbarsky

未読、
2006/11/28 8:34:252006/11/28
To:
Daniele Rizzo wrote:
> user_pref("capability.principal.codebase.p0.denied", "UniversalXPConnect");
> user_pref("capability.principal.codebase.p0.id", "file:///");

This is relying on implementation details of the file: protocol (which we
actually want to change).

> user_pref("capability.principal.codebase.p1.id", "search:///");

Same here.

This wouldn't work for http://, of course.

-Boris

Boris Zbarsky

未読、
2006/11/28 8:37:402006/11/28
To:
Daniele Rizzo wrote:
> user_pref("signed.applets.codebase_principal_support", true);

Note that this means that arbitrary untrusted websites can request privileges.

If what you really want is just to grant "UniversalXPConnect" to search:///, why
not leave that pref false? If that means the search:/// prefs don't work
(though they should), you could try

user_pref("capability.principal.codebaseTrusted.p1.granted", "UniversalXPConnect");
user_pref("capability.principal.codebaseTrusted.p1.id", "search:///");

-Boris

新着メール 0 件