World: r3wp
[Plugin-2] Browser Plugins
Volker 16-May-2006 [859x3] | Ah, yes, misunderstanding. |
The urls are blocked so you can not reach a "legit" mail-server so you can not 'send. | |
But sending mail is needed for feedback etc., it's stupid if it can not be done. So we need 'send, but not access to the network. So another app, which shows text, requests agreement. So, why not user's emailer? | |
Oldes 16-May-2006 [862x3] | browse "mailto:[oldes-:-somewhere-:-cz]" |
I think, that the mini firewall is only possible solution, but I don't know, how difficult it will be to implement | |
But let the networking in, it's the best thing in Rebol. I'm using plugin only as a IRC. I really don't know if it can be compared with Flash so someone would make stupid banners in Rebol | |
Volker 16-May-2006 [865x2] | It's not the banner, it's somebody doing irc from your ip while showing you banners. |
If you host the reblet from your irc-server, it's no problem. Else the user needs to bless you explicitly, like with noscript. | |
Oldes 16-May-2006 [867] | I think Josh should read some doc about Flash security: http://www.adobe.com/devnet/flash/articles/fplayer_security.html |
Volker 16-May-2006 [868] | And hopefully that control-panel is more verbose than the current requester. And offers good information about the effects. |
Oldes 16-May-2006 [869x2] | BTW. In the latest Flash versions, you can use ports lower than 1024 (if you allow it) - It was not possible before. |
http://www.adobe.com/devnet/flash/articles/fplayer8_security.html | |
Anton 16-May-2006 [871] | The plugin *needs* to be highly restricted by default. Please scroll up to the top of this group where BrianH and others made some fine points about security. |
Pekr 16-May-2006 [872] | but system dialogs are half-way solutions - 1) they can't be translated 2) they are ugly and do not copy design principles of your apps .... stating that - is there a secure way of how to overcome this? Could you provide your own UI and supply it for the internal security system? Probably not, as I could ask user completely different question :-( |
Anton 16-May-2006 [873] | 1) They can be translated. 2) They are a necessary evil. |
Pekr 16-May-2006 [874] | I want ability to integrate into my app logic, not nasty looking UFO stuff ... |
Volker 16-May-2006 [875] | I like that ugly and different. Tells me I am not working inside the app. Because inside the app, if it asks me "Do you like [x] please?" I click yes, whatever [x] is. It's in a sandbox, no? |
Pekr 16-May-2006 [876] | haven't you meet yourself with requester, which asked for permission for file e.g., where path was cut-down? That is the same like no requester at all ... |
Anton 16-May-2006 [877] | If I can't control the plugin, Petr, I am not going to install it. I'm not going to develop for it, because there will be no reason why anyone will trust it. Well, you will be able to do that. Perhaps in a separate version of the plugin which might come later. |
Volker 16-May-2006 [878x2] | Yes, that is a bug. |
I am not saying "windows message box". | |
Anton 16-May-2006 [880x2] | Heck, what kind of argument is that, Petr ? |
Because current security dialog looks ugly, let's not have security in the upcoming plugin ? That doesn't make any sense. | |
Volker 16-May-2006 [882] | I am saying call/input/output "rebol %trusted-requester.r" Where the call is hardwired like 'browse and can not be influenced by reblet. |
Anton 16-May-2006 [883] | Let's stop this immature "oh we are going to lose abilities" paranoid attitude. |
Pekr 16-May-2006 [884] | bad UI argument .... dunno how others do it, but I prefer to set my settings in control panel, not ending up with myriads of different requesters asking for myriads of permissions to which reaction of users I know a priori - they will hate this, possibly click yes or no no matter what and wonder why things eventually don't work ..... all I am asking for is security presented in sensible way, that is all ... |
Anton 16-May-2006 [885x3] | I want to get over this stage really fast because it is starting to annoy me. I want to come to this group and read fresh material, not still stuck on these issues. |
Fine - control panel. I like it too. That doesn't explain your attitudes above to various suggestions. | |
Let's get over it now, please. | |
Volker 16-May-2006 [888x4] | And also, such things should typically not be needed by apps. My usual need is for a link back to my server, and there are no restrictions. |
Security is what kills or makes a plugin IMHO, at least for small quality companies. | |
Regarding UI, I would always pop up the control-panel, not a yes/no-requester. Highlight the area which is currently interesting. | |
something like the page-info in browsers, + checkboxes. | |
Pekr 16-May-2006 [892x2] | Volker - sounds good idea. The thing is - that control panel - is that rebol script/UI or some native stuff? And also - Java has icon in control panel, how such approach is solved eg. on OS-X, Linux - do they share similar concept of having control panel facility in OS? |
reading back my replies - my apology to Anton and others - I was creating way too much unnecessary noise, sorry... | |
BrianH 16-May-2006 [894] | Why not go with my suggestion from before (scrolled off the history, I'm afraid)? Don't remove network, file access, etc. by default - instead, restrict it with secure and bring up a security requestor when the applet tries it? It should be up to the user to allow these plugins access anyways. |
Pekr 16-May-2006 [895] | so far - I like Volker's suggestion most - extending secure: That mini-firewall is in my secure-proposal: secure [net ask tcp://rebol.com allow]. Although securing ports would be nice too, secure [net ask tcp://rebol.com 80 8080 - 9090 allow]. I would just dare to add - it could be kept in all rebol versions, not just plug-in. Also - maybe (not sure), we could have option to "silence" (no-pop-up) the security - e.g. not bringing up pop-up, but e.g. secure/console secure/log or something like that, still of course to keep security tight ... |
BrianH 16-May-2006 [896] | I'm pretty adamant about not allowing any file access by default without permission though. You don't want anonymous scripts to be able to store any data at all on your hard drive, outside of the browser's built-in storage (cache, cookies). |
Pekr 16-May-2006 [897] | Brian - not even in plug-in sandbox? |
BrianH 16-May-2006 [898] | Without that restriction, I won't be able to install the plugin. |
Pekr 16-May-2006 [899] | maybe by default it could be limited to consume e.g. 1MB? so that your app could write some cfg files, without intrusion by pop-up dialog? Would it be useful to you? |
BrianH 16-May-2006 [900x4] | I'm OK with a sandbox, as long as it is a limited one in RAM that gets deleted on browser shutdown. |
The user should be asked for permission to store any files on your drive at all, at least for anonymous scripts. | |
Signed scripts may be given a sandbox though. | |
My basic criteria for default restrictions is: What would you let your worst enemy do with your computer? | |
Pekr 16-May-2006 [904x2] | OK - one thing is clear now - "What would you let your worst enemy do with your computer?" should be a saying for Rebol plug-in .... now just how to represent it ... |
Hmm, good to read Flash security doc Oldes posted reference to ... | |
BrianH 16-May-2006 [906] | That's why I suggested cryptographically signed scripts, that could be tracked to an SDK user by RT if necessary. That way, with a header like encap uses, you could lower the security for signed scripts. That way if your script does something bad, the author could be tracked down and sued (shot, whatever ;-) |
Pekr 16-May-2006 [907] | :-) |
BrianH 16-May-2006 [908] | Here's a suggestion for a SECURE enhancement: Add a new category, sandbox, that would refer to the sandbox directory, wherever that is. You could set ask permission for anonymous scripts, allow for signed (if specified in the header). |