[Jsprintsetup] Security Idea

Dimitar Angelov mitko at edabg.com
Wed Feb 9 08:32:54 PST 2011


Hi!

Great Work!

We are now working on this and have done some work so far, but it is 
not in the final phase.
Our idea is close to your idea, but a little different.
+---- jsPrintSetup Options ----------------------------+
|                                                      |
| +- Security Mode ----------------------------------+ |
| | [ ] enable access from all URLs                  | |
| | [*] prompt for URL if not in white/black list    | |
| | [ ] enable access ONLY from enabled URLs         | |
| +--------------------------------------------------+ |
|                                                      |
| +-----------+------------+                           |
| |White List | Black List |                           |
| |-----------+--------------------------------------+ |
| | http://some.com/url           +---------+        | |
| | https://other.com/dow         | Add     |        | |
| |                               +---------+        | |
| |                               +---------+        | |
| |                               | Edit    |        | |
| |                               +---------+        | |
| |                               +---------+        | |
| |                               | Remove  |        | |
| |                               +---------+        | |
| +--------------------------------------------------+ |
+------------------------------------------------------+
The main difference is protection at the URL level, not (only) at the 
domain level. We also permit patterns in URLs to give more flexibility.
The other difference is the level of access. We have not thought about 
implementing a detailed level of access, for two main reasons:
1. The end user (the user who is using the web application) does not have 
enough knowledge to make the right decision about the level.
2. Some features can overlap in functionality and will be difficult to 
distinguish.

About the popup dialog: it is very nice, and I can add a few small things:
1. It is possible to add an option "Temporarily enable for session" (I'm not 
fully sure that it is easy, but I have an idea how to do it).
2. If we accept the idea to use URLs instead of domains, it has to be extended 
with features for adding a URL or part of a URL. Something like Add URL, Add 
Domain Only or Custom (Edit URL).

About the "Print Done" notification: this is a good idea and can be implemented.
Locale is also very important, and we will be happy if you help to add a 
French locale.

We are waiting for comments about our implementation so far, 
because it is very important to have more ideas in order to be more useful.

If you want, I can send a working version of the extension.

Regards,

Dimitar Angelov

On 09.02.2011 14:21, Guillaume Crico wrote:
> Hi !
>
> Has anybody started the "security manager" implementation?
>
> I'm sure that everybody would agree with the "trust this site" idea.
>
> Here is a more precise proposition...
>
> The extension options dialog would mimic the "Popup authorization dialog".
> (@see chrome://browser/content/preferences/permissions.xul)
>
> +---------------------------------------------------------+
> | Allow domain:                                           |
> | _______________________________________________________ +
> |                                                  Allow  |
> |                                                         |
> +---------------------------------------------------------+
> | +-----------------------------------------------------+ |
> | | Domain                        | State               | |
> | +-----------------------------------------------------+ |
> | |www.example.com                | Allow (level...)    | |
> | | ad.badguy.com                 | Deny                | |
> | |                               |                     | |
> | |                               |                     | |
> | |                               |                     | |
> | +-----------------------------------------------------+ |
> | Delete domain | Delete all domains                      |
> |                                                         |
> |                                                         |
> | [x] Ask for permissions when needed                     |
> |                                                         |
> |                                                   Close |
> +---------------------------------------------------------+
>
>
>
> We should add a method to the component:
>      jsPrintSetup.askUserPermissions(level, callback)
>
> where level is a mask of :
>      - kAllowSetup: allow setting margin/headers/footers...
>      - kAllowPrinters: allow getting printers list and setting the printer
>      - kAllowSilentPrint : allow silent print (requires kAllowPrinters?)
>      - kAllowSaveGlobalSettings : (BUT IN FACT I THINK WE SHOULD DROP THIS FEATURE!)
>      - kAllowAll: kAllowSetup&  kAllowPrinters&  kAllowSilentPrint&  kAllowSaveGlobalSettings
>      - kAllowNone: 0
>
>
> Every access to the component methods should be wrapped with a permission check, throwing an exception when there are not enough permissions.
> The web site script author is responsible for error handling...
> (I think that it is simpler for everyone, because if we ask "on demand", we will have troubles with async execution...)
>
> When a web site calls jsPrintSetup.askUserPermissions(), the browser shows a non-intrusive dialog (just like for popups):
>
> +-------------------------------------------------------------------------+
> | This web site wants to customize your printer settings.    | Options  x |
> +-------------------------------------------------------------------------+
>
> The "x" close button is an alias for "Deny once", see below.
> Of course, if the domain is already in the prefs list, the dialog is not displayed (unless the permission level is not enough).
>
> The options button display the following menu:
>
> +-------------------------------------+
> | Allow once for www.example.com      |
> | Always allow for www.example.com    |
> | Deny once for www.example.com       |
> | Always deny for www.example.com     |
> |                                     |
> | What are the risks...               |
> | Modify JSPrintSetup options...      |
> | Do not display this message anymore |
> +-------------------------------------+
>
> "Allow once" =>  add to prefs list with "allow" state
> "Always deny" =>  add to prefs list with "deny" state
> "What are the risks..." =>  maybe we should give some explanations about the potential threats?
> "Do not display this message anymore" =>  like unchecking "Ask for permissions when needed" in options
>
>
> The callback provided to jsPrintSetup.askUserPermissions() would then be called with the argument "level": the permission level (kAllow* mask) given by the user.
> If the user has denied (once or always), the level is kAllowNone (0).
> If the user gave the permission "once", the level is the same as the argument provided to jsPrintSetup.askUserPermissions().
> If the domain is in the prefs list, the level is the one stored in prefs.
>
>
>
> I think that we should display a "Print done" notification when the silent printing is invoked.
> (As a user, even if I trust a site, I would appreciate a little "monitoring"!)
> What do you think of this?
>
>
> There is some useful code to implement this in:
>      - browser.jar/content/browser/preferences/permissionsutils.js
>      - browser.jar/content/browser/preferences/permissions.xul
>      - browser.jar/content/browser/preferences/permissions.js
>
>
>
> Any volunteers?
>
> I can do some of the work, but I would need testers.
> I have no skills in FF4.0 extension dev. Anybody has advice to give?
>
>
> Note: We also have to localize, because we're going to have userland messages!
> (I can do French locales...)
>
> Regards,
> Guillaume
>
>
>
>> Thank you for the suggestion!
>>
>> It is important to implement this security concern indeed.
>> We have planned to implement management of enabled URLs which can use
>> JSPrintSetup, but it is yet at the idea level.
>> But you are fully right, we have to implement this in a short time.
>>
>> Regards,
>>
>> Dimitar
>>
>> cod3master wrote:
>> > I like jsprintsetup a lot, but I have a security concern.
>> >
>> > the addon should ask, if a site wants to access jsprintsetup, because
>> > if a lot of people use jsprintsetup you can be sure that there
>> > will be some advertising autoprints on webpages.
>> >
>> > the function should be like the geolocation function of firefox 3.5, it
>> > should have the option "trust this site" and save the setting permanently.
>> > in that way jsprintsetup can't be misused.
>> >
>> > i hope you can implement a function like that, because this will surely
>> > help the distribution of the addon, and maybe to be integrated
>> > completely in a future
>> > firefox release :-)
>> >
>> > thanks
>> > GT
>
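As an added illustration (not code from jsPrintSetup or from either author above), the following Node.js sketch combines the two proposals in this thread: the kAllow* bitmask and the askUserPermissions(level, callback) flow from Guillaume's message, and the URL-pattern white/black list with a "prompt if unknown" mode from Dimitar's options dialog. Every name in it (PermissionManager, gate, the shape of the prompt callback) and every sample URL is an assumption made for the example, and the prompt answers are constructed stand-ins for the real notification bar. Note that the all-permissions mask is built with bitwise OR, since a mask is the union of its bits.

```javascript
// Added example: a permission manager for a print component, modelled on the
// two proposals in this thread. Not jsPrintSetup code; every name here is assumed.

// Permission levels as a bitmask (the kAllow* names from Guillaume's proposal).
const kAllowNone = 0;
const kAllowSetup = 1 << 0;        // margins, headers, footers
const kAllowPrinters = 1 << 1;     // list printers, pick a printer
const kAllowSilentPrint = 1 << 2;  // print without the print dialog
// A mask is the union of its bits, so the "all" mask is built with bitwise OR.
const kAllowAll = kAllowSetup | kAllowPrinters | kAllowSilentPrint;

// Turn a list entry such as "https://other.com/*" into a RegExp anchored on the
// whole URL, so "https://other.com/*" does not match "https://other.com.evil.net/x".
function patternToRegExp(pattern) {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')  // escape regex metacharacters (not '*')
    .replace(/\*/g, '.*');                  // '*' is the only wildcard
  return new RegExp('^' + escaped + '$');
}

class PermissionManager {
  // mode: 'all' | 'prompt' | 'whitelist', the three radio buttons in the options dialog.
  // prompt(url, level) stands in for the notification bar and returns
  //   { decision: 'allow' | 'deny', remember: boolean, scope?: 'url' | 'domain' }.
  constructor(mode, prompt) {
    this.mode = mode;
    this.prompt = prompt;
    this.entries = []; // newest first; the first matching pattern wins
  }

  add(pattern, state, level = kAllowAll) {
    this.entries.unshift({ pattern, re: patternToRegExp(pattern), state, level });
  }

  lookup(url) {
    return this.entries.find(e => e.re.test(url)) || null;
  }

  // Counterpart of the proposed jsPrintSetup.askUserPermissions(level, callback).
  // `url` must be the caller's document URL as seen by the browser, never a
  // string the page passes in, or the whole check is bypassable.
  askUserPermissions(url, level, callback) {
    if (this.mode === 'all') return callback(level);

    const entry = this.lookup(url);
    if (entry) {
      if (entry.state === 'deny') return callback(kAllowNone);
      // Listed as allowed with a sufficient level: answer from the list, no dialog.
      if ((entry.level & level) === level) return callback(entry.level);
      // Listed, but the stored level is too low: fall through and ask.
    }
    if (this.mode === 'whitelist') return callback(kAllowNone);

    const answer = this.prompt(url, level);
    const granted = answer.decision === 'allow' ? level : kAllowNone;
    if (answer.remember) {
      // "Always allow/deny": persist either the exact URL or, for "Add Domain Only",
      // the origin plus a path wildcard.
      const pattern = answer.scope === 'domain' ? new URL(url).origin + '/*' : url;
      this.add(pattern, answer.decision, granted);
    }
    return callback(granted);
  }
}

// Wrap a component method so it throws unless every bit of `required` was granted;
// the site's script is responsible for catching the error, as the proposal says.
function gate(granted, required, name, fn) {
  return function (...args) {
    if ((granted & required) !== required) {
      throw new Error('jsPrintSetup: ' + name + ' needs a permission the user did not grant');
    }
    return fn.apply(this, args);
  };
}

// Walk through the cases with constructed prompt answers (no real dialog).
function demo() {
  const answers = {
    'https://other.com/report': { decision: 'allow', remember: true, scope: 'domain' },
  };
  const pm = new PermissionManager('prompt', url => answers[url] || { decision: 'deny', remember: false });
  pm.add('http://some.com/url', 'allow', kAllowSetup | kAllowPrinters); // white list entry
  pm.add('http://ad.badguy.com/*', 'deny');                               // black list entry

  const r = {};
  pm.askUserPermissions('http://some.com/url', kAllowSetup, l => { r.listed = l; });
  pm.askUserPermissions('http://ad.badguy.com/print.html', kAllowAll, l => { r.blacklisted = l; });
  pm.askUserPermissions('https://other.com/report', kAllowSilentPrint, l => { r.prompted = l; });
  pm.askUserPermissions('https://other.com/other-page', kAllowSilentPrint, l => { r.remembered = l; });
  pm.askUserPermissions('https://other.com.evil.net/report', kAllowSilentPrint, l => { r.lookalike = l; });

  const tryPrint = granted => {
    try { return gate(granted, kAllowSilentPrint, 'printSilent', () => 'printed')(); }
    catch (e) { return 'denied'; }
  };
  r.gatedListed = tryPrint(r.listed);      // listed site lacks kAllowSilentPrint
  r.gatedPrompted = tryPrint(r.prompted);  // user granted it in the prompt
  return { results: r, entries: pm.entries.length };
}

console.log(demo());
```

Two points a reviewer of the real implementation would check: the URL used for the lookup has to come from the browser's view of the calling document (the page's own arguments are attacker-controlled), and list patterns should be anchored on the full URL so that a wildcard in the path cannot be turned into a host-suffix match by a look-alike domain.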



More information about the Jsprintsetup mailing list