
List:       mozilla-layout
Subject:    Re: I need your advice on security checks
From:       Ben Bucksch <ben.bucksch.news () beonex ! com>
Date:       2001-04-06 23:35:10

Mitchell Stoltz wrote:

>> Can we at least make sure that appropriate hints are added to the
>> relevant APIs (e.g. in Necko?), so new programmers are less likely
>> to miss that?
> 
> Care to suggest what the hint should look like, and where it should go? 

Care yes, competence no. I don't know in which cases (exactly) the call 
must be placed, nor which APIs would be called in these cases (i.e. 
which APIs are risky).

From what you said, I'd say "Whenever you fetch from the network, you 
have to check access rights using the function 
|nsISomething::CheckLoadURI()|".
I'd place it above the declaration of the functions (below their 
description, if any) which make fetching from the network possible and 
have a high enough layer, so a caller has enough info for CheckLoadURI. 
I guess, nsIIOService.idl would be such a file.

Hm, if we had a list of risky APIs, maybe we could use LXR (or grep) to 
check the whole source code for calls to them and then sort out which 
ones need the checks? A lot of work, but less error-prone.
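
The audit proposed in the last paragraph, as an added example that is not part of the original message or of Mozilla's code: a Python script that lists every call to a watched API and marks whether the enclosing function also calls CheckLoadURI. The watch list (`NS_OpenURI`, `NS_NewChannel`) and the C++ sample are assumptions constructed for illustration; the message does not say which APIs are risky.

```python
import re

# Assumed watch list: the message does not name the risky APIs.
RISKY_APIS = ("NS_OpenURI", "NS_NewChannel")
CHECK_CALL = "CheckLoadURI"  # the check named in the message
CALL_RE = re.compile(r"\b(" + "|".join(RISKY_APIS) + r")\s*\(")

# Constructed C++ sample (simplified signatures), not Mozilla source.
SAMPLE = """\
nsresult LoadChecked(nsIURI* aFrom, nsIURI* aTo)
{
  nsresult rv = secMan->CheckLoadURI(aFrom, aTo, 0);
  if (NS_FAILED(rv)) return rv;
  return NS_OpenURI(getter_AddRefs(in), aTo);
}

nsresult LoadUnchecked(nsIURI* aTo)
{
  // TODO: CheckLoadURI before fetching
  return NS_NewChannel(getter_AddRefs(chan), aTo);
}
"""

def audit(source, filename="<input>"):
    """Return (filename, line, api, checked) for each watched call.

    checked is True when the enclosing top-level brace block also calls
    CHECK_CALL. Brace counting is a triage heuristic, not a C++ parser:
    braces in strings or block comments will confuse it.
    """
    findings, pending, checked, depth = [], [], False, 0
    for no, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]  # a check named in a comment is no check
        # Outside a body, only text after an opening brace is function code.
        scan = code if depth > 0 else code.partition("{")[2]
        pending += [(no, m.group(1)) for m in CALL_RE.finditer(scan)]
        checked = checked or CHECK_CALL in scan
        depth += code.count("{") - code.count("}")
        if depth <= 0:  # block closed: report its calls, then reset
            findings += [(filename, n, api, checked) for n, api in pending]
            pending, checked, depth = [], False, 0
    return findings

if __name__ == "__main__":
    for fname, n, api, ok in audit(SAMPLE, "sample.cpp"):
        print(f"{fname}:{n}: {api} {'checked' if ok else 'NEEDS REVIEW'}")
```

Calls reported as unchecked still need manual triage, since the check may legitimately happen in a caller.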
