Difference between revisions of "Low Integrity Code Generation"
Revision as of 10:04, 9 March 2023
Full Title or Meme
The effort to create fully functional Web Apps has led to changes in the browser sandbox that allow functionality, like the File API, that can easily be exploited to create high integrity applications with low integrity code files.
Author: Tom Jones
Last Update: 2302-03-03
Context
The W3C WICG (Web Incubator Community Group)
Mandatory Integrity Checking (MIC)
Problems
Any Web App that deals with low-integrity data should be allowed to impact high-integrity functionality. The example used here is VS Code, a Microsoft code generation application, but any Web App that transitions low-integrity input to high-integrity output would have the same issues.
VS Code
Migrating VS Code to Process Sandboxing describes the process of moving an (initially) 12 MB code generation platform to the use of ONLY low-integrity source code.
Solution
Stop trying to make Web Apps into high-integrity solutions providers.