On Thu, Jan 29, 2015 at 10:50 PM, Yan Zhu <y...@yahoo-inc.com> wrote:

> Say that resource Y is a javascript file that listens for users typing in 
> password fields and shows them a warning if the password is weak. The user 
> verifies and loads the HTML page that includes Y but an attacker then blocks 
> the request to fetch Y, so the user picks a weak password.

The application developer could cope with this in the top-layer code:

===
<script>
var passwordChecker = null;
...
</script>
<script src="password-checker.js"></script>
<script>
if (null == passwordChecker) {
    // handle failure of security dependency
}
</script>
===

Just as a native application developer should do:

===
void* passwordChecker = dlopen("password-checker.so", ...);
if (NULL == passwordChecker) {
    // handle failure of security dependency
}
===

But,

> My intuition is that most developers think about the security of their app as 
> a whole, not the security of their app minus any-given-subset-of-resources.

You're probably right, about both web developers and native code developers.

But, if we provide a declarative interface for the package format that
allows developers to declare that a given dependency should be
pre-loaded when possible and mandatorily pre-loaded, they might be
more likely to use that than to write the tedious error-handling code
like that above. I.e. we can create good affordances, and thus get the
benefits of security and performance most of the time.
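
The declarative approach described above, as an added example that is not part of the original message: dependencies are declared once, and a single check fails closed when one marked mandatory did not arrive. The manifest shape, its field names and values, and the `checkDependencies` function are hypothetical, not part of any packaging specification.

```javascript
"use strict";

// Constructed sample manifest. The field names `url` and `preload` and the
// values "mandatory" / "when-possible" are assumptions made for this example.
const sampleManifest = [
  { url: "app.js", preload: "when-possible" },
  { url: "password-checker.js", preload: "mandatory" },
];

// Decide whether the page may run, given which resources actually arrived
// and verified. `loaded` is a Set of URLs. Fails closed: a missing mandatory
// dependency or an unrecognised policy value blocks the page.
function checkDependencies(manifest, loaded) {
  const missingMandatory = [];
  const missingOptional = [];
  const invalid = [];
  for (const dep of manifest) {
    if (dep.preload !== "mandatory" && dep.preload !== "when-possible") {
      invalid.push(dep.url); // unknown policy: an error, never silently optional
      continue;
    }
    if (loaded.has(dep.url)) continue;
    (dep.preload === "mandatory" ? missingMandatory : missingOptional).push(dep.url);
  }
  return {
    ok: missingMandatory.length === 0 && invalid.length === 0,
    missingMandatory,
    missingOptional,
    invalid,
  };
}

// The scenario from the thread: the fetch of password-checker.js is blocked.
const blocked = checkDependencies(sampleManifest, new Set(["app.js"]));
console.log(blocked.ok, blocked.missingMandatory); // false [ 'password-checker.js' ]
```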
