473,387 Members | 1,834 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > javascript > questions > script signing

Join Bytes to post your question to a community of 473,387 software developers and data experts.

Script signing

Hi,

I need to use the UniversalBrowserRead Privilege in a script. For this,
the script has to be signed, right? Can anyone help me with getting a
free certificate (I don't want to spend a lot of money for something I
do just for fun) and using it to sign a script in an external file
(loaded with the SRC attribute)? I'm working on a Linux machine, so I'd
prefer a solution for Linux. But I can move to windows, if necessary.

I want the script to read the contents (or at least search for some
keywords) of another HTML-page, that comes from a different server. If
there is a simpler way to do this than using UniversalBrowserRead to
bypass the same origin policy and then use XMLHttpRequest to read the
file, I'd appreciate some hints.

Thanks in advance!

Jul 20 '05 #1
3 1681


Christian Schmitt wrote:
I need to use the UniversalBrowserRead Privilege in a script. For this,
the script has to be signed, right? Can anyone help me with getting a
You can request the privilege with an unsigned script loaded from the
local file system.
free certificate (I don't want to spend a lot of money for something I
do just for fun) and using it to sign a script in an external file
(loaded with the SRC attribute)? I'm working on a Linux machine, so I'd
prefer a solution for Linux. But I can move to windows, if necessary.

I want the script to read the contents (or at least search for some
keywords) of another HTML-page, that comes from a different server. If
there is a simpler way to do this than using UniversalBrowserRead to
bypass the same origin policy and then use XMLHttpRequest to read the
file, I'd appreciate some hints.


Can't you enable codebase principals?
http://www.mozilla.org/projects/secu....html#codebase
If not you need to get the signTool, I think it allows you to generate a
dummy certificate:
http://www.mozilla.org/projects/secu...s.html#signing

--

Martin Honnen
http://JavaScript.FAQTs.com/

Jul 20 '05 #2
Martin Honnen wrote:

You can request the privilege with an unsigned script loaded from the
local file system.
Right, but this script will be loaded from a web server. I was fooled by
this at first, because it worked when I tested locally. But after
uploading to the server...


Can't you enable codebase principals?
http://www.mozilla.org/projects/secu....html#codebase

I fear that enabling codebase principals would be too great a challenge
to most peoplo who will visit my site, since you have to manually modify
your prefs.js file.

If not you need to get the signTool, I think it allows you to generate a
dummy certificate:
http://www.mozilla.org/projects/secu...s.html#signing

This page states in the "After Signing" section:

"For testing, use SignTool to create a test certificate (see
documentation). However, end users will not be able to use the test
certificate, so remember to obtain a certificate from a certificate
authority in order to serve a signed script on the web."

So, no luck there, too. Also:

"New in Mozilla is the syntax needed to access signed scripts within JAR
files. The syntax is as follows:

jar:http://www.domain.com/secure-scripts/secure.jar!/thepage.html

Scripts will only be treated as signed if the HTML page that contains
them is using a URL of this form."

Can someone explain this to me???

I almost fear that this might be too much trouble for something I do
just because I like programming!

Christian

Jul 20 '05 #3


Christian Schmitt wrote:
Martin Honnen wrote:
Can't you enable codebase principals?
http://www.mozilla.org/projects/secu....html#codebase

I fear that enabling codebase principals would be too great a challenge
to most peoplo who will visit my site, since you have to manually modify
your prefs.js file.


Yes, I misunderstood your intentions, I thought you want to write a page
you use yourself, but below you state that you indeed expect to get a
certificate that browsers of other users accept. I don't think there is
any way but finding an accepted certificate authority that sells you a
certificate.
If not you need to get the signTool, I think it allows you to generate
a dummy certificate:

"For testing, use SignTool to create a test certificate (see
documentation). However, end users will not be able to use the test
certificate, so remember to obtain a certificate from a certificate
authority in order to serve a signed script on the web."

So, no luck there, too. Also:

"New in Mozilla is the syntax needed to access signed scripts within JAR
files. The syntax is as follows:

jar:http://www.domain.com/secure-scripts/secure.jar!/thepage.html

Scripts will only be treated as signed if the HTML page that contains
them is using a URL of this form."

Can someone explain this to me???
I think Sun invented this
jar:url!/file
URI scheme, basically you need to pack and sign your page and script
into a .jar file and then load it that way.
I almost fear that this might be too much trouble for something I do
just because I like programming!


Yes, I am sure if you want your script to load files from other servers
it is easier and cheaper to host your page on a server where you have
server side scripting with PHP or ASP and then simply connect back to
your server passing the URL you want to fetch and let the server side
script do the work.

--

Martin Honnen
http://JavaScript.FAQTs.com/

Jul 20 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
script signing 2
by: Christian Schmitt | last post by:
Hi, after doing some more research, I found the following article describing how to get a free code signing certificate: http://www.dallaway.com/acad/webstart/ But I can't figure out how to...
Javascript
1
Some questions on code signing with smartcard
by: Martin | last post by:
I have a couple of questions around code signing with MS technology: 1. Is there a way to transfer the generated strong name signing private key directly to a smartcard (or generate it on the...
.NET Framework
4
XML signing
by: Todd Richardson | last post by:
Two questions. We would like to have users complete ASP.NET web forms for submission. Once these are completed I would like to generate an XML document from the form. The XML document should...
.NET Framework
1
signing an assembly
by: AVL | last post by:
Hi I need some clarification on signing. what does it mean--signing an assembly? where is ti used? How is it used?
ASP.NET
0
Signing ClickOnce Manifests and Shared Assemblies
by: Raffi Basmajian | last post by:
I am trying to understand the difference between signing ClickOnce manifests and signing shared assemblies. My company is building .Net 2005 WinForm applications for internal company use only....
.NET Framework
3
Script Error
by: Forced_Ambitions | last post by:
Hi Guys, I am facing a problem with a script that i had written to automate opening a website and signing on to it. It was running fine for a long time but all of a sudden it has stopped...
Python
2
Can javascript function send its argument data to PHP script within the same function
by: sufian | last post by:
<input type="image" id="imageField" class="btn" src="<?php bloginfo('template_url'); ?>/media/global/btn-go.gif" onclick = "sendRequestPost(document.getElementById('email1').value);" /> The...
Javascript
6
Anybody use Strong Name Signing?
by: raylopez99 | last post by:
Anybody use Strong Name Signing? I think this is used by default for Resource files, which is one reason perhaps I can't get my resource files to work (somehow the public key is messed up, perhaps...
C# / C Sharp
1
signer's certificate is not valid for signing (VS2008 windows forms)
by: BillE | last post by:
<extreme frustration> I have googled and read about this, but can't seem to get a grip on it. Apparently I am being coerced into digitally signing applications. Is this true? What if I don't...
.NET Framework
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!