Gregory Maxwell wrote:
For a proxy to present no additional security holes over what we have
today it would have to be limited to only work on sysop approved URLs.

I've got the impression from Domas that what we have today isn't
considered very good... but can't make a hard-security improvement on
it unless we disable JS editing by sysops, which would result in a
substantial loss of functionality and development resources.

It seems to me that a proxy with an access control list would actually
improve security since there would be a single point to look to see
what external scripts can be imported... rather than trying to track
down all the places in the site JS where it's being accomplished via
script tag injection.

*nod*

What I think I'd like to see us move a little more towards is a model
like that where we've got some concept of available JS-based plugins.
That can make management, maintenance, and user-level selection a lot
easier than the haphazard 'add this <script=blah> command to your secret
JS page' interface we have now; and the easier it is to see what's there
the easier it's going to be to keep it secure.
-- brion vibber (brion @ wikimedia.org)
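
The single access-control point discussed in the message above, sketched as an added example (not part of the original e-mail and not MediaWiki code): a check a script proxy could run before fetching an external script. The function name, the list format and the `example.org`/`example.net` entries are hypothetical placeholders.

```javascript
// Constructed allowlist: the one place to audit which external scripts may load.
const APPROVED_SCRIPTS = [
  { origin: 'https://scripts.example.org', pathPrefix: '/gadgets/' },
  { origin: 'https://tools.example.net', pathPrefix: '/js/' },
];

// Decide whether the proxy may fetch `raw`; returns { allowed, reason, fetchUrl? }.
function checkScriptUrl(raw, allowlist = APPROVED_SCRIPTS) {
  let url;
  try {
    // The WHATWG parser lowercases the host, drops default ports and
    // resolves "." / ".." segments, so we compare the normalized form.
    url = new URL(raw);
  } catch (e) {
    return { allowed: false, reason: 'unparseable URL' };
  }
  if (url.protocol !== 'https:') {
    return { allowed: false, reason: 'scheme not https' };
  }
  if (url.username || url.password) {
    // "approved-host@other-host" makes the approved name mere userinfo.
    return { allowed: false, reason: 'userinfo not permitted' };
  }
  if (/%2f|%5c/i.test(url.pathname)) {
    // An encoded separator could be decoded by a later hop and change the path.
    return { allowed: false, reason: 'encoded path separator' };
  }
  // Compare the whole origin, never a substring or suffix of the host.
  const entry = allowlist.find(
    (e) => url.origin === e.origin && url.pathname.startsWith(e.pathPrefix)
  );
  if (!entry) {
    return { allowed: false, reason: 'not on allowlist' };
  }
  // Fetch only origin + path; query string and fragment are discarded.
  return { allowed: true, reason: 'approved', fetchUrl: url.origin + url.pathname };
}
```
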