Safer than ActiveX: a look at Google's Native Client plugin
Thursday, 18. December 2008, 11:14:27
Google has released a new experimental browser plugin that allows web applications to securely run native code on the underlying platform. The plugin, which is called Native Client, is distributed under the open source BSD license and is designed to work with all major platforms and browsers.
Allowing web applications to run native code has traditionally posed significant security risks. Microsoft's COM-based ActiveX technology, which aimed to provide developers with similar capabilities, is widely viewed as one of the most egregious security failings of the Windows operating system and it has become a frequent attack vector for malicious code.
Google believes that its security model has the potential to be far more robust and effective than the code-signing system of trust used by ActiveX. Google's engineers explain the differences between the Native Client and ActiveX security models in a paper about the project:
Source: http://arstechnica.com/news.ars/post/20081209-safer-than-activex-a-look-at-googles-native-client-plugin.html
Allowing web applications to run native code has traditionally posed significant security risks. Microsoft's COM-based ActiveX technology, which aimed to provide developers with similar capabilities, is widely viewed as one of the most egregious security failings of the Windows operating system and it has become a frequent attack vector for malicious code.
Google believes that its security model has the potential to be far more robust and effective than the code-signing system of trust used by ActiveX. Google's engineers explain the differences between the Native Client and ActiveX security models in a paper about the project:
Source: http://arstechnica.com/news.ars/post/20081209-safer-than-activex-a-look-at-googles-native-client-plugin.html
WIDGETIZE