[Greasemonkey] Explicit ID, Not Namespace
Gareth Andrew
freega at freegarethandrew.org
Sun Mar 12 18:23:46 EST 2006
On Sat, 2006-03-11 at 20:30 -0600, Matt Sargent wrote:
> That would be a huge (and obvious) security issue. Person A writes handy-
> dandy script that, as part of its function, stores some sensitive data. Person B
> writes evil script that has the same ID as the first script. Evil script grabs
> sensitive data and transmits it to Person B.
>
I don't believe this is an issue; Greasemonkey's security model should
be like Firefox extensions'. All scripts have the capability to do
malicious things; the onus is on the user not to install malicious
scripts. This is different from the web security model, where it is
expected that a user can visit any site safely, so the onus is on the
application (browser) to prevent sites from doing malicious things. The
important thing with GM security is that a non-malicious script cannot
be made to do malicious things by a malicious website, i.e. it shouldn't
break Firefox's security contract.
(Aaron, Jeremy etc.: is this also how you see it? Should we write this
down somewhere if it is GM's position on security?)
Aside: I would love to see some kind of vetting service built into us.o,
similar to the vetting process for addons.mozilla.org [1]. This would
make it easier for users to install only "safe" userscripts.
Gareth
[1] http://wiki.mozilla.org/Update:Website:DevelopersSection
>
> On 12 Mar 2006 at 0:37, Gareth Andrew wrote:
>
> > This problem has been discussed in a slightly different context
> > recently
> > http://mozdev.org/pipermail/greasemonkey/2006-January/007368.html .
> > I'd rather see this problem addressed using some of the solutions
> > mentioned in that thread, i.e. have GM_getValue take some sort of ID
> > parameter, so in these cases two scripts that were the same would use
> > the same ID and thus share the stored data.
>
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
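The shared-storage behaviour discussed in this thread, as an added JavaScript model that is not Greasemonkey's code and not anything us.o does: a value store keyed by a script-declared ID (so two scripts declaring the same ID see each other's values, as the proposal intends), plus an install-time check, which is my own assumption of what a vetting step could look like, that warns the user when a newly installed script declares an ID already used by an installed script from a different source. All script names, sources and stored values below are constructed.

```javascript
// Toy model (added example; not Greasemonkey's implementation) of a value
// store keyed by the ID a script declares, plus an install-time collision
// check. Names, sources and values are constructed for the demonstration.

class ValueStore {
  constructor() {
    this.data = new Map(); // "<scriptId>\0<name>" -> value
  }
  key(scriptId, name) {
    return `${scriptId}\u0000${name}`;
  }
  setValue(scriptId, name, value) {
    this.data.set(this.key(scriptId, name), value);
  }
  getValue(scriptId, name, defaultValue) {
    const k = this.key(scriptId, name);
    return this.data.has(k) ? this.data.get(k) : defaultValue;
  }
}

// Registry of installed scripts: remembers the ID each script declared and
// where it was installed from. install() returns a list of warnings for the
// user; an empty list means no ID collision with a different source was seen.
class ScriptRegistry {
  constructor() {
    this.scripts = [];
  }
  install(script) {
    const warnings = [];
    for (const existing of this.scripts) {
      if (existing.id === script.id && existing.source !== script.source) {
        warnings.push(
          `script "${script.name}" from ${script.source} declares ID "${script.id}", ` +
          `already used by "${existing.name}" from ${existing.source}; ` +
          `the two scripts will share stored values`
        );
      }
    }
    this.scripts.push(script);
    return warnings;
  }
}

// Walks through the scenario from the thread with constructed scripts and
// returns the observable results so they can be checked.
function demo() {
  const store = new ValueStore();
  const registry = new ScriptRegistry();

  const first  = { id: 'handy-dandy', name: 'Handy Dandy', source: 'example.org/a' };
  const sameId = { id: 'handy-dandy', name: 'Same ID',     source: 'example.net/b' };
  const other  = { id: 'unrelated',   name: 'Unrelated',   source: 'example.net/c' };

  const warnFirst = registry.install(first);
  store.setValue(first.id, 'token', 'constructed-secret'); // first script stores a value

  const warnSameId = registry.install(sameId); // same ID, different source: warning
  const warnOther  = registry.install(other);  // distinct ID: no warning

  return {
    sharedRead:   store.getValue(sameId.id, 'token', null), // same ID reads the stored value
    isolatedRead: store.getValue(other.id,  'token', null), // distinct ID sees nothing
    warningsOnFirst:  warnFirst.length,
    warningsOnSameId: warnSameId.length,
    warningsOnOther:  warnOther.length,
  };
}
```

The model makes the trade-off in the thread concrete: sharing by ID is exactly what lets a re-installed or renamed copy of the same script keep its data, and the same mechanism is what a colliding ID exploits, so the useful control is at install time (a warning or vetting step) rather than inside GM_getValue itself.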