Discussion:
Accessing internal objects via JavaScript
(too old to reply)
Anonymous
2005-04-07 20:49:41 UTC
Permalink
Greetings,

I'm trying to determine if Opera provides any way to access internal
objects, in this case certificate stores. I am able to do this from
Internet Explorer (via ActiveX) and on Mozilla/FireFox (via XPConnect),
but I can find no documentation on any such functionality under Opera.

Even should Opera use the basic Windows certificates when on said
platform, one would hope that some standard mechanism is used in order
to facilitate Opera's cross-platform capabilities.

Although such access could undoubtedly be considered a security risk,
bear in mind that both IE and Mozilla cover this. IE prompts the user
out the nose before doing anything, and Mozilla requires the script to
be signed, and then STILL prompts the user for the correct permissions.

Regards,
Nathan
Anonymous
2005-04-08 16:45:21 UTC
Permalink
HAHAHA!! Looks like I've stumped the whole newsgroup.
Post by Anonymous
Greetings,
I'm trying to determine if Opera provides any way to access internal
objects, in this case certificate stores. I am able to do this from
Internet Explorer (via ActiveX) and on Mozilla/FireFox (via XPConnect),
but I can find no documentation on any such functionality under Opera.
Even should Opera use the basic Windows certificates when on said
platform, one would hope that some standard mechanism is used in order
to facilitate Opera's cross-platform capabilities.
Although such access could undoubtedly be considered a security risk,
bear in mind that both IE and Mozilla cover this. IE prompts the user
out the nose before doing anything, and Mozilla requires the script to
be signed, and then STILL prompts the user for the correct permissions.
Regards,
Nathan
Yngve Nysaeter Pettersen
2005-04-08 17:44:12 UTC
Permalink
Post by Anonymous
Greetings,
I'm trying to determine if Opera provides any way to access internal
objects, in this case certificate stores. I am able to do this from
Internet Explorer (via ActiveX) and on Mozilla/FireFox (via XPConnect),
but I can find no documentation on any such functionality under Opera.
Even should Opera use the basic Windows certificates when on said
platform, one would hope that some standard mechanism is used in order
to facilitate Opera's cross-platform capabilities.
Although such access could undoubtedly be considered a security risk,
bear in mind that both IE and Mozilla cover this. IE prompts the user
out the nose before doing anything, and Mozilla requires the script to
be signed, and then STILL prompts the user for the correct permissions.
No, Opera does not allow acces to internal stores like it's
certificate store, nor do we access the Windows certificate store.

Allowing access to such information (in particular the client
certificates, or the contact database) could IMO be a rather big
privacy or security hole.
Anonymous
2005-04-08 17:52:59 UTC
Permalink
Post by Yngve Nysaeter Pettersen
Post by Anonymous
Greetings,
I'm trying to determine if Opera provides any way to access internal
objects, in this case certificate stores. I am able to do this from
Internet Explorer (via ActiveX) and on Mozilla/FireFox (via XPConnect),
but I can find no documentation on any such functionality under Opera.
Even should Opera use the basic Windows certificates when on said
platform, one would hope that some standard mechanism is used in order
to facilitate Opera's cross-platform capabilities.
Although such access could undoubtedly be considered a security risk,
bear in mind that both IE and Mozilla cover this. IE prompts the user
out the nose before doing anything, and Mozilla requires the script to
be signed, and then STILL prompts the user for the correct permissions.
No, Opera does not allow acces to internal stores like it's
certificate store, nor do we access the Windows certificate store.
Allowing access to such information (in particular the client
certificates, or the contact database) could IMO be a rather big
privacy or security hole.
I don't see how with the correct security measures this would be any
more of a security hole than a plugin with access to the user's machine
(again, presuming this is even vaguely possible under Opera, which I'm
starting to think isn't). Better to say it's a security consideration
Opera would rather not have to deal with, which is fair enough.
Eirik Byrkjeflot Anonsen
2005-04-11 06:56:30 UTC
Permalink
Post by Anonymous
Post by Yngve Nysaeter Pettersen
Post by Anonymous
Greetings,
I'm trying to determine if Opera provides any way to access
internal objects, in this case certificate stores. I am able to do
this from Internet Explorer (via ActiveX) and on Mozilla/FireFox
(via XPConnect), but I can find no documentation on any such
functionality under Opera.
Even should Opera use the basic Windows certificates when on said
platform, one would hope that some standard mechanism is used in
order to facilitate Opera's cross-platform capabilities.
Although such access could undoubtedly be considered a security
risk, bear in mind that both IE and Mozilla cover this. IE prompts
the user out the nose before doing anything, and Mozilla requires
the script to be signed, and then STILL prompts the user for the
correct permissions.
No, Opera does not allow acces to internal stores like it's
certificate store, nor do we access the Windows certificate store.
Allowing access to such information (in particular the client
certificates, or the contact database) could IMO be a rather big
privacy or security hole.
I don't see how with the correct security measures this would be any
more of a security hole than a plugin with access to the user's
machine (again, presuming this is even vaguely possible under Opera,
which I'm starting to think isn't). Better to say it's a security
consideration Opera would rather not have to deal with, which is fair
enough.
Plug-ins are about as big a security hole as they come. Don't ever
install a plug-in unless you really trust the source...

However, I don't quite buy the argument that since there already is a
big security hole, we might as well add another :)

eirik

Loading...