[Project_owners] auto certificate acceptance

Scott sgrayban at gmail.com
Tue Mar 27 07:13:40 PST 2007


I agree on this. Overriding any security features whether its in FF or
thunderbird is a very bad idea and it will only hurt the user in the
long run.

Scott
/"Those who cannot remember the past are condemned to repeat it."/ -
George Santa

Get Firefox 2! <http://www.spreadfirefox.com/?q=affiliates&id=69856&t=1>
Boycott China Olympics <http://www.boycott-china-2008.info/>


Konstantin Svist wrote:
> I should hope that since this deals with website security, this 
> mechanism should not be easily overridden.
> If you begin intercepting these requests with your extension, you would 
> be potentially opening a gaping hole in the browser's security.
>
> Just my $0.02
>
>
> Preet Shihn wrote:
>   
>> I am not the owner of the website with that certificate.
>> I am developing a xulrunner based application which has a browser 
>> component to it. The user could potentially visit any website with a 
>> certificate.
>>
>> I was hoping I could somehow intercept that request to feed back a 
>> default result. e.g for prompts, I have implemented a prompt service 
>> that I register with Mozilla service manager. This way whenever a prompt 
>> or alert or http credentials dialog needs to appear, my prompt service 
>> is notified, and I can deal with it however I want. Similarly, I would 
>> like more control over the certificate dialog.
>>
>>
>>
>> On 3/26/07, *Konstantin Svist* <fry.kun at gmail.com 
>> <mailto:fry.kun at gmail.com>> wrote:
>>
>>     The browser only asks this if the certificate is not authenticated by a
>>     known CA (Certificate Authority)
>>
>>     You need to purchase an SSL certificate from a CA - then the browser
>>     will not pop up a dialog and will open the page right away.
>>
>>     The message does not convey too well to the user that the certificate in
>>     question has a problem - either it was self-issued (which, incidentally,
>>     is perfectly okay for internal use, e.g. connecting to a computer on
>>     your own network) or has already expired.
>>
>>
>>     I bought a certificate from godaddy last year - it was pretty cheap
>>     (about $20/year)
>>
>>
>>
>>     Hope this helps
>>
>>
>>     Preet Shihn wrote:
>>      > So, when I visit a https web site with a certificate, it asks for
>>     "do
>>      > you want to accept certificate" or "do you want to accept certificate
>>      > permanently", something along those lines....
>>      > Is there a way to hook up into a mozilla service so that instead of
>>      > popping that dialog, it automatically accepts the certificate?
>>      >
>>      > Maybe I would have to implement some sort service provider that is
>>      > called to handle these dialogs, and I return back a value indicating
>>      > "accept this certificate".
>>      >
>>      > Somehow, I have a feeling it would be much more complicated.
>>      >
>>      > Any ideas/infor related to this would be appreciated.
>>      >
>>      > Merci !
>>      > Preet
>>      >
>>      >
>>      >
>>     ------------------------------------------------------------------------
>>      >
>>      > _______________________________________________
>>      > Project_owners mailing list
>>      > Project_owners at mozdev.org <mailto:Project_owners at mozdev.org>
>>      > http://mozdev.org/mailman/listinfo/project_owners
>>     _______________________________________________
>>     Project_owners mailing list
>>     Project_owners at mozdev.org <mailto:Project_owners at mozdev.org>
>>     http://mozdev.org/mailman/listinfo/project_owners
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Project_owners mailing list
>> Project_owners at mozdev.org
>> http://mozdev.org/mailman/listinfo/project_owners
>>     
> _______________________________________________
> Project_owners mailing list
> Project_owners at mozdev.org
> http://mozdev.org/mailman/listinfo/project_owners
>
>   


More information about the Project_owners mailing list