rvj wrote:
OK dumb question but is it potentially possible to have signed chrome which
could be authenticated when Mozilla starts up?
Instead of having to sign individual scripts, objects, etc, I would like to
sign a single chrome JAR file containing a collection of secure files .
i.e. the
rvj wrote:
I am concerned with tampering at the local workstation
Then protect it at that level - prevent people from messing with it. It
doesn't make much sense to lock one door, if you leave the other door open.
If you still want to do that, write a little md5 checker and use that as
rvj wrote:
My concern with Mozilla is the ability of almost any javascript hacker to
replace some of the chrome files
Replace chrome files how? Do you know of a way for an attacker to do
this remotely? If so, please let me know, as we consider that very
serious. If you're talking about an
What if your operating system files are compromised? There's no
cryptographic verification there...
You are correct that local security issues did and continue to take a
backseat to remote exploits. We assume that if an attacker can change
files locally (or is sitting at your keyboard) then
OK dumb question but is it potentially possible to have signed chrome which
could be authenticated when Mozilla starts up?
I know that signing is primary used for file transfer verfication but I am
more interested in preventing tampering at the
local workstation (i.e. tampering/ replacement of