Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
General Discussions
Switcher Hangout (Windows to Mac)
Is there a way to disable the incessant password requirement?
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Thor-HoG" data-source="post: 1502332" data-attributes="member: 297126"><p>I never suggested it was "bulletproof." Nothing is, and I never expect it to be. Regarding Firefox (and others) plug-in sandboxing, that's all and good. Security in depth is the best way to do. However, I disagree that is it "more effective" than sandboxing. An hierarchical "sandboxing" as FF does with plug-ins works well when the plug-in is behaving well, and when the OS has been written to properly handle *any* possible breach. Sandboxing on the other hand, requires that the sandboxed app itself explicitly identifies only the required access to the sandbox engine in code. This gives you *two* layers of protection. An attack against the app will have to bypass the apps explicit code, and then it will have to bypass the wrapping sandbox.</p><p></p><p>Further, there are any number of attack vectors via browser exploits. I say again, ALL browsers should be written to sandbox requirements if they want to be responsible for security. Plug-in isolation would only apply to a plug-in, not to the million other vectors out there. </p><p></p><p>t</p></blockquote><p></p>
[QUOTE="Thor-HoG, post: 1502332, member: 297126"] I never suggested it was "bulletproof." Nothing is, and I never expect it to be. Regarding Firefox (and others) plug-in sandboxing, that's all and good. Security in depth is the best way to do. However, I disagree that is it "more effective" than sandboxing. An hierarchical "sandboxing" as FF does with plug-ins works well when the plug-in is behaving well, and when the OS has been written to properly handle *any* possible breach. Sandboxing on the other hand, requires that the sandboxed app itself explicitly identifies only the required access to the sandbox engine in code. This gives you *two* layers of protection. An attack against the app will have to bypass the apps explicit code, and then it will have to bypass the wrapping sandbox. Further, there are any number of attack vectors via browser exploits. I say again, ALL browsers should be written to sandbox requirements if they want to be responsible for security. Plug-in isolation would only apply to a plug-in, not to the million other vectors out there. t [/QUOTE]
Verification
Post reply
Forums
General Discussions
Switcher Hangout (Windows to Mac)
Is there a way to disable the incessant password requirement?
Top