Firefox security strategy (was: Firefox goodies)

Ben Scott dragonhawk at gmail.com
Thu Dec 29 16:05:01 EST 2005


On 12/29/05, Kevin D. Clark <kevin_d_clark at comcast.net> wrote:
>> JavaScript should have been designed ... such that it
>> doesn't even have the capability to do risky things.
>
> To me, you just described Java, but that's another thing entirely.

  To some extent, but not completely.  Certainly, at one point in its
history, Java was being sold as an ideal "sandbox" for things like
client-side intelligence in web pages.[1]  However, it was still
designed around the idea of a general-purpose programming language
which could be locked up if you didn't want the danger getting out of
the web page.  You still have this whole "security model" of what can
be done, when, and to what.

  What I think would be better for web pages would be preventing the
danger from being possible in the first place.  Something with
deliberately limited functionality, designed around web pages.  The
syntax and semantics might be a proper subset of something larger, but
functionality should be chopped off, and quite sharply, at the end of
the web page.

  Of course, a lot of the "neat" things in Firefox work by building
the UI using JavaScript and XML.  By using the same interpreter for
everything, they save a lot of work.  The programmer in me appreciates
what they're getting at, with the "create a universal solution for all
problems" approach.  But the security nerd in me says that sometimes
it's better to duplicate some effort and create a simpler, smaller
tool that's inherently less dangerous.

  Then again, I don't really *know* anything about Firefox's
internals; I've just read blurbs and articles here and there.  Maybe
most of what I want is already there.

  And on the gripping hand, none of this solves the problem of buffer
overflows and other stupid implementation mistakes that even Firefox
suffers from.

Footnotes
--------------
[1] Of course, Java has been sold as the solution to just about
everything at one point or another.
