On Fri, Jun 27, 2014 at 1:41 AM, Axel Rauschmayer wrote:
> From a recent email [1] by Jonas Sicking:
>
> Signatures also provide something that the web is in big need of. An
> additional security layer so that simply hacking a webserver isn't the
> only thing needed by an attacker that wants to steal all your
> application data, as well as any personal data that the user has
> granted the application access to.
>
> That is one part of the email that I didn't understand. How can signatures
> help with this? Any hints and/or explanations greatly appreciated.
The way signatures generally work is that you set up a signing server which only accepts data from very trusted sources, i.e. not from a webserver. In order to push out a new version, the developer sends code to the signing server, which signs the code and sends it to the web server. The web server does not have access to the signing certificate, but rather just the signed code.

When the client downloads code from the webserver it checks that the code has been signed by the signing certificate. If the code has not been signed then the client refuses to run the code.

An attacker that hacks the webserver only gets access to the webserver, i.e. the attacker can not upload new code and get it signed. And since the signing server refuses to accept data from the webserver, the attacker can't get the new code signed that way either. Hence uploading code to the webserver is futile. Any code that the attacker uploads will be unsigned and thus rejected by any client.

That's the short of it. There's a bit more protection involved ideally, but the above describes the general outline.

/ Jonas

_______________________________________________
dev-b2g mailing list
https://lists.mozilla.org/listinfo/dev-b2g
