[Greasemonkey] Explicit ID, Not Namespace
Matt Labrum
darktempler at gmail.com
Sun Mar 12 14:10:41 EST 2006
err , as opose to a greasemonkey script could just log all your
passwords.....
its possible at the moment to steal sensitive data , i dont see how allowing
scripts to share data will pose anymore of a risk then there already is.
On 3/12/06, Matt Sargent <matt.sargent at earthlink.net> wrote:
>
> That would be a huge (and obvious) security issue. Person A writes handy-
> dandy script that, as part of its function, stores some sensitive data.
> Person B
> writes evil script that has the same ID as the first script. Evil script
> grabs
> sensitive data and transmits it to Person B.
>
>
> On 12 Mar 2006 at 0:37, Gareth Andrew wrote:
>
> > This problem has been discussed in a slightly different context
> > recently
> > http://mozdev.org/pipermail/greasemonkey/2006-January/007368.html .
> > I'd rather see this problem addressed using some of the solutions
> > mentioned in that thread ie. have GM_getValue have an some sort of ID
> > parameter so in this cases two scripts that were the same would use
> > the same ID and thus share the stored data.
>
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
More information about the Greasemonkey
mailing list