Low Integrity Code Generation

From MgmtWiki
Revision as of 10:04, 9 March 2023 by Tom (talk | contribs) (Full Title or Meme)

Jump to: navigation, search

Full Title or Meme

The effort to create fully functional Web Apps has led to changes in the functionality of the browser sandbox to allow functionality, like FILE API, that can easily be exploited to create high integrity applications with low integrity code files.

Author: Tom Jones

Last Update: 2023-03-03

Context

The W3C WICG (web incubation community Group)

Mandatory Integrity Checking (MIC)

Problems

Any Web App that deals with low-integrity data should be allowed to impact high-integrity functionality. The example used here is VSCode, a Microsoft code generation application, but any Web App that transitions low-integrity input to high-integrity output would have the same issues.

VS Code

Migrating VS Code to Process Sandboxing describes the process of moving a (initially) 12 MB code generation platform to the use of ONLY low-integrity source code.

Solution

Stop trying to make Web Apps into high-integrity solutions providers.

References

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Low_Integrity_Code_Generation&oldid=16812"