Non-browser Identity Verification

Karl Koscher mrsaturn at
Wed May 18 17:46:40 PDT 2005

>They've already given their password-equivalent to an app running on
>the same system: their web browser.  Can Mozilla somehow protect
>~/.mozilla/firefox/profile/cookies.txt from being read by an external
>application?  I don't buy this.

It might be practical in the future, where you can run apps with a 
restricted set of permissions. .NET comes to mind. This is a gross 
simplification, but if you download something using IE, or copy it from 
the network, Windows will add some metadata to the file that basically 
says, "don't trust this executable." You can then choose what 
permissions that executable has.

I'm pretty sure other OSes have similar mechanisms that let you limit 
what an application can do.

Of course, the majority of users still run plain Windows executables 
with Administrator permissions, which allows all sorts of chaos: mucking 
with the filesystem, debugging/snooping on other applications, 
installing drivers, sniffing network traffic, modifying the kernel 
itself, etc.

- Karl

