[Jsprintsetup] Re: Security Idea

Guillaume Crico guillaume.crico at gmail.com
Wed Feb 9 04:21:05 PST 2011


Hi !

Has anybody started the "security manager" implementation?

I'm sure that everybody would agree with the "trust this site" idea.

Here is a more precise proposition...

The extension options dialog would mimic the "Popup authorization dialog".
(@see chrome://browser/content/preferences/permissions.xul)

+---------------------------------------------------------+
| Allow domain:                                           |
| _______________________________________________________ +
|                                                  Allow  |
|                                                         |
+---------------------------------------------------------+
| +-----------------------------------------------------+ |
| | Domain                        | State               | |
| +-----------------------------------------------------+ |
| | www.example.com               | Allow (level...)    | |
| | ad.badguy.com                 | Deny                | |
| |                               |                     | |
| |                               |                     | |
| |                               |                     | |
| +-----------------------------------------------------+ |
| Delete domain | Delete all domains                      |
|                                                         |
|                                                         |
| [x] Ask for permissions when needed                     |
|                                                         |
|                                                   Close |
+---------------------------------------------------------+



We should add a method to the component:
     jsPrintSetup.askUserPermissions(level, callback)

where level is a mask of :
     - kAllowSetup: allow setting margin/headers/footers...
     - kAllowPrinters: allow getting printers list and setting the printer
     - kAllowSilentPrint: allow silent print (requires kAllowPrinters?)
     - kAllowSaveGlobalSettings: (BUT IN FACT I THINK WE SHOULD DROP THIS FEATURE!)
     - kAllowAll: kAllowSetup & kAllowPrinters & kAllowSilentPrint & kAllowSaveGlobalSettings
     - kAllowNone: 0


Every access to the component methods should be wrapped with a permission check, throwing an exception when there are not enough permissions.
The web site script author is responsible for error handling...
(I think that it is simpler for everyone, because if we ask "on demand", we will have troubles with async execution...)

When a web site calls jsPrintSetup.askUserPermissions(), the browser shows a non-intrusive dialog (just like for popups):

+-------------------------------------------------------------------------+
| This web site wants to customize your printer settings.    | Options  x |
+-------------------------------------------------------------------------+

The "x" close button is an alias for "Deny once", see below.
Of course, if the domain is already in the prefs list, the dialog is not displayed (unless the permission level is not enough).

The options button displays the following menu:

+-------------------------------------+
| Allow once for www.example.com      |
| Always allow for www.example.com    |
| Deny once for www.example.com       |
| Always deny for www.example.com     |
|                                     |
| What are the risks...               |
| Modify JSPrintSetup options...      |
| Do not display this message anymore |
+-------------------------------------+

"Allow once" =>  add to prefs list with "allow" state
"Always deny" =>  add to prefs list with "deny" state
"What are the risks..." =>  maybe we should give some explanations about the potential threats?
"Do not display this message anymore" =>  like unchecking "Ask for permissions when needed" in options


The callback provided to jsPrintSetup.askUserPermissions() would then be called with the argument "level": the permission level (kAllow* mask) given by the user.
If the user has denied (once or always), the level is kAllowNone (0).
If the user gave the permission "once", the level is the same as the argument provided to jsPrintSetup.askUserPermissions().
If the domain is in the prefs list, the level is the one stored in prefs.



I think that we should display a "Print done" notification when the silent printing is invoked.
(As a user, even if I trust a site, I would appreciate a little "monitoring"!)
What do you think of this?


There is some useful code to implement this in:
     - browser.jar/content/browser/preferences/permissionsutils.js
     - browser.jar/content/browser/preferences/permissions.xul
     - browser.jar/content/browser/preferences/permissions.js



Any volunteers?

I can do some of the work, but I would need testers.
I have no skills in FF4.0 extensions dev. Does anybody have advice to give?


Note: We also have to localize, because we're going to have userland messages!
(I can do French locales...)

Regards,
Guillaume



> Thank you for the suggestion!
>
> It is important to implement this security concern indeed.
> We have planned to implement management of enabled URL-s which can use
> JSPrintSetup, but it is yet at idea level.
> But you are fully right we have to implement this in short time.
>
> Regards,
>
> Dimitar
>
> cod3master wrote:
> > I like jsprintsetup a lot, but I have a security concern.
> >
> > The addon should ask if a site wants to access jsprintsetup, because
> > if a lot of people use jsprintsetup you can be sure that there
> > will be some advertising autoprints on webpages.
> >
> > The function should be like the geolocation function of Firefox 3.5; it
> > should have the option "trust this site" and save the setting permanently.
> > In that way jsprintsetup can't be misused.
> >
> > I hope you can implement a function like that, because this will surely
> > help the distribution of the addon, and maybe to be integrated
> > completely in a future
> > Firefox release :-)
> >
> > Thanks
> > GT
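As an added example (not code from the jsPrintSetup project or from anyone in this thread), the permission mask, per-domain prefs list and askUserPermissions() flow proposed above, modelled in plain JavaScript. The askUser hook, the two Maps and the session-only handling of "Allow once" are assumptions.

```javascript
// Added example, not jsPrintSetup's own code: a model of the proposed
// permission mask, the prefs list and the guard every component method
// would call. The askUser hook and the two Maps are assumed.
const kAllowNone = 0;
const kAllowSetup = 1;        // margins, headers, footers
const kAllowPrinters = 2;     // list printers, choose the printer
const kAllowSilentPrint = 4;  // print without the print dialog
// A mask union is a bitwise OR (with bitwise AND the flags cancel to 0).
const kAllowAll = kAllowSetup | kAllowPrinters | kAllowSilentPrint;

// "Always allow" / "Always deny" decisions, as in the options dialog list.
// Value is the granted level; kAllowNone means "Always deny".
const prefs = new Map();
// "Allow once" grants: kept only for the current session (assumption).
const sessionGrants = new Map();

function grantedLevel(domain) {
  return sessionGrants.get(domain) ?? prefs.get(domain) ?? kAllowNone;
}
function hasPermission(domain, level) {
  return (grantedLevel(domain) & level) === level;
}

// Wrap every component method with this; the page script handles the error.
function requirePermission(domain, level) {
  if (!hasPermission(domain, level)) {
    throw new Error("jsPrintSetup: insufficient permission for " + domain);
  }
}

// askUser(domain, level) stands for the non-intrusive bar and returns
// "allow-once", "always-allow", "deny-once" or "always-deny"; closing
// the bar with "x" is the same as "deny-once".
function askUserPermissions(domain, level, askUser, callback) {
  if (hasPermission(domain, level)) {
    callback(grantedLevel(domain));   // already listed: no dialog, stored level
    return;
  }
  if (prefs.get(domain) === kAllowNone) {
    callback(kAllowNone);             // "Always deny": never ask again
    return;
  }
  switch (askUser(domain, level)) {
    case "allow-once":   sessionGrants.set(domain, level); callback(level); break;
    case "always-allow": prefs.set(domain, level);         callback(level); break;
    case "always-deny":  prefs.set(domain, kAllowNone);    callback(kAllowNone); break;
    default:             callback(kAllowNone);             // "Deny once" or "x"
  }
}
```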
