Non-browser Identity Verification
mrsaturn at teencity.org
Wed May 18 17:46:40 PDT 2005
>They've already given their password-equivalent to an app running on
>the same system: their web browser. Can Mozilla somehow protect
>~/.mozilla/firefox/profile/cookies.txt from being read by an external
>application? I don't buy this.
It might be practical in the future, where you can run apps with a
restricted set of permissions. .NET comes to mind. This is a gross
simplification, but if you download something using IE, or copy it from
the network, Windows will add some metadata to the file that basically
says, "don't trust this executable." You can then choose what
permissions that executable has.
I'm pretty sure other OSes have similar mechanisms that let you limit
what an application can do.
Of course, the majority of users still run plain Windows executables
with Administrator permissions, which allows all sorts of chaos: mucking
with the filesystem, debugging/snooping on other applications,
installing drivers, sniffing network traffic, modifing the kernel
More information about the yadis