"I have a mind like a steel... uh... thingy." Patrick Logan's weblog.


Tuesday, November 06, 2007

Global Security

From Douglas Crockford's The Department of Style...

There is one problem in JavaScript that is bigger than all of the others put together: The Global Object. All compilation units are thrown into a shared global container. This gives each unit full access to all of the other units. All units get exactly the same rights and privileges. This turns out to be a huge mistake. It is the root cause of most of the security problems in the browser...

In the long term, I want to replace JavaScript and the DOM with a smarter, safer design. In the medium term, I want to use something like Google Gears to give us vats with which we can have safe mashups. But in the short term, I recommend that you be using Firefox with No Script. Until we get things right, it seems to be the best we can do.
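Crockford's point about every compilation unit sharing one global container, as an added example that is not code from the post or from Crockford: the two "units", their helper names and the browser-like `shared` object are all constructed, and the hardened variant shows the closure-plus-freeze pattern a unit can use to keep a later script from swapping out its dependencies.

```javascript
// Two "compilation units" dropped into one shared global container, the way
// browser scripts are. Unit A publishes a helper and a renderer that looks the
// helper up on the global object at call time; unit B, loaded later with the
// same rights, replaces the helper. The hardened unit keeps its dependency in
// a closure and freezes what it exports, so a later unit has nothing to reach.

const escapeHtmlImpl = (s) =>
  String(s).replace(/[&<>"']/g, (c) => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
  ));

function loadUnitA(global) {
  global.escapeHtml = escapeHtmlImpl;
  // Resolves escapeHtml on the global object at every call.
  global.render = (untrusted) => '<p>' + global.escapeHtml(untrusted) + '</p>';
}

function loadUnitB(global) {
  // Constructed stand-in for any later script: it overwrites A's helper.
  global.escapeHtml = (s) => String(s);
}

function loadUnitAHardened(global) {
  const escapeHtml = escapeHtmlImpl;  // captured once, never read from the global again
  global.safeUi = Object.freeze({
    render: (untrusted) => '<p>' + escapeHtml(untrusted) + '</p>',
  });
}

function demo() {
  const shared = {};  // stands in for the browser's window object
  loadUnitA(shared);
  loadUnitAHardened(shared);
  const before = shared.render('<b>');          // escaped as unit A intended
  loadUnitB(shared);
  const afterUnsafe = shared.render('<b>');     // unit B's replacement now runs
  try {
    shared.safeUi.render = () => 'replaced';    // ignored, or TypeError under 'use strict'
  } catch (e) { /* the frozen export rejected the write */ }
  const afterHardened = shared.safeUi.render('<b>');
  return { before, afterUnsafe, afterHardened, frozen: Object.isFrozen(shared.safeUi) };
}
```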


Chris Double said...

This is one of the things that the ECMAScript 4 proposal tries to address. You can prevent global objects from being modified, and it has a packaging/module system.

It'd be interesting to hear Doug's view on whether this will do the job.

Patrick Logan said...

Of course reading global data can be a security weakness too.

Crockford has been a proponent of the "vat" idea -- running individual "applications" in their own vats, i.e. leak-free containers.

On es4 generally, Crockford writes...

"JavaScript is currently going through a redesign that is again failing to consider the security of the language. The new language will be bigger and more complex, which will make it even harder to reason about its security. I hope that that redesign will be abandoned."

Chris Double said...

Thanks Patrick. I know Doug's view on ES4 as a whole, I was more interested in if he had actually commented on the portions that are purported to help with the security issues. So far I've not seen any detail on his issues.

I like the separate independent 'vat' idea too, with the ability to send data between vats via message passing. This is how I used Ficl and Io on my cellphone to sandbox things when I was playing around with that.

Douglas Crockford said...

The ES4 proposal, because it attempts to be compatible with ES3, retains all of the serious holes. It is a large step in the wrong direction. The claims that it addresses the security problems are at best misinformed.


About Me

Portland, Oregon, United States
I'm usually writing from my favorite location on the planet, the Pacific Northwest of the U.S. I write for myself only and unless otherwise specified my posts here should not be taken as representing an official position of my employer. Contact me at my gee mail account, username patrickdlogan.