Grupuri Google nu mai acceptă postările sau abonamentele noi Usenet. Conținutul anterior este în continuare vizibil.

Dismiss

protocol security

6 afișări

Accesați primul mesaj necitit

Daniele Rizzo

necitită,

27 nov. 2006, 05:59:3427.11.2006

–

Can I enable/disable the privileges of UniversalXpConnect in a 'entire'
protocol (http://, file://) with CAPS (Configurable Security Preference)?

Boris Zbarsky

necitită,

27 nov. 2006, 19:14:1527.11.2006

–

Daniele Rizzo wrote:
> Can I enable/disable the privileges of UniversalXpConnect in a 'entire'
> protocol (http://, file://) with CAPS (Configurable Security Preference)?

Not really, no.

-Boris

Daniele Rizzo

necitită,

28 nov. 2006, 05:32:5728.11.2006

–

> Not really, no.

I find my solution -> in my security.js i've added this line:
##############################################################
......
user_pref("signed.applets.codebase_principal_support", false);
user_pref("capability.principal.codebase.p0.denied", "UniversalXPConnect");
user_pref("capability.principal.codebase.p0.id", "file:///");

user_pref("capability.principal.codebase.p1.granted", "UniversalXPConnect");
user_pref("capability.principal.codebase.p1.id", "search:///");
......
#############################################################

In this way i work with xpcom component in search:/// protocol, but no
with file:///.

Daniele Rizzo

necitită,

28 nov. 2006, 05:35:5128.11.2006

–

Daniele Rizzo wrote:
> Boris Zbarsky wrote:
>> Daniele Rizzo wrote:
>>> Can I enable/disable the privileges of UniversalXpConnect in a
>>> 'entire' protocol (http://, file://) with CAPS (Configurable Security
>>> Preference)?
>
>> Not really, no.

ERRATA CORRIGE:

user_pref("signed.applets.codebase_principal_support", true);

Boris Zbarsky

necitită,

28 nov. 2006, 08:34:2528.11.2006

–

Daniele Rizzo wrote:
> user_pref("capability.principal.codebase.p0.denied", "UniversalXPConnect");
> user_pref("capability.principal.codebase.p0.id", "file:///");

This is relying on implementation details of the file: protocol (which we
actually want to change).

> user_pref("capability.principal.codebase.p1.id", "search:///");

Same here.

This wouldn't work for http://, of course.

-Boris

Boris Zbarsky

necitită,

28 nov. 2006, 08:37:4028.11.2006

–

Daniele Rizzo wrote:
> user_pref("signed.applets.codebase_principal_support", true);

Note that this means that arbitrary untrusted websites can request privileges.

If what you really want is just to grant "UniversalXPConnect" to search:///, why
not leave that pref false? If that means the search:/// prefs don't work
(though they should), you could try

user_pref("capability.principal.codebaseTrusted.p1.granted", "UniversalXPConnect");
user_pref("capability.principal.codebaseTrusted.p1.id", "search:///");

-Boris

0 mesaje noi