Integrating the XeroBank installer is an interesting task. Some users need different help than others, so we've got some changes to work out. The first is that xB VPN is having some interaction trouble with x64 in the TAP drivers for one user. Another issue we've seen is that if xB VPN starts too early in the operating system, it throws a GUI error about logs files. For some the xB Mail installer somehow gets triggered, which is slightly interesting. We have yet to replicate that issue. Another interesting issue that caused a reversion error was some symlinks in the SVN environment. That meant that if there weren't full uploads then downloads, you wouldn't see the changes affected.
For xB Browser, for users running XeroBank, we've removed noscript and replaces it with SSP. That allows users to protect against cross-site scripting, and false certificates, without dealing with NoScript issues.
Update: My mistake in reading the minutes, we aren't removing NoScript, we're disabling NoScript script/plugin blocking for VPN users, in addition to playing with adding SSP.
skip to main |
skip to sidebar
Copyright 2008 XeroBank / Legal Notices / Privacy Policy
4 comments:
What's this "SPP"?
How is it supposed to replace NoScript features?
Thanks!
SSP stands for Site Security Policy, which is a Mozilla extension that stops XSS (Cross Site Scripting) and false certificate usage.
SSP is a server-side driven technology, cannot be controlled by users and does not stop anything unless the web site you're visting is correctly configured to implement it.
Therefore it cannot replace NoScript, even if is a nice addition and a precious help for site administrators who don't trust their web developers' security skills.
BTW, do you know any site which is currently supporting SSP?
ehm.. isn't that extension incomplete and proof of concept?
Post a Comment