My concern with Mozilla is the ability of almost any javascript hacker to replace some of the chrome files
Unlike modifying C++ components (operating system or otherwise) , javascript hacking requires VERY little experise to capture passwords etc. Just seems a little too easy at the moment. Thanks anyway "Mitchell Stoltz" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > What if your operating system files are compromised? There's no > cryptographic verification there...iles > > You are correct that "local security issues" did and continue to take a > backseat to remote exploits. We assume that if an attacker can change > files locally (or is sitting at your keyboard) then there's nothing we > can do. > > There has been no impetus for signature verification of local chrome > files. However, if you can find some like-minded people who also want > this feature, this would make a great Mozdev project. > -Mitch > > rvj wrote: > > OK dumb question but is it potentially possible to have signed chrome which > > could be authenticated when Mozilla starts up? > > > > I know that signing is primary used for file transfer verfication but I am > > more interested in preventing tampering at the > > > > local workstation (i.e. tampering/ replacement of JAR files) > > > > Instead of having to sign individual scripts, objects, etc, I would like to > > sign a single chrome JAR file containing a collection of secure files
