|
Home · All Classes · Annotated · Functions | |
Some binaries, such as text-codecs and style plug-ins, are loaded by the server and generally implemented as dynamic libraries. When the server passes control to the library by making an API call, the libraries code has complete access to the server's process space, and runs with its privileges.
Unlike distributed objects connected into a system via for example an ORB or a system like DCOM, the construct of a divide over the plug-in API is simply a programming convention - the malicious or flawed plug-in can index into the in-memory image of the server and read or alter its data.
For this reason only packages determined as trusted by the PKI framework of the SXE are given status that allows them to be loaded by the server. It is not possible to sandbox an application that is running the same process as the server.
It is the job of the PKI framework to allow establishing trust in a package for this purpose. The Qtopia development office maintains a Certificate Authority (CA) certificate able to sign other certificates. These other certificates can then be issued to clients and 2nd-parties needing to create trusted packages. The Qtopia development office also signs its own packages.
Other frameworks for 3rd-party applications provide a package trust feature which forms a principal plank of the security promised by the framework. This is a sub-optimal approach because:
Therefore, for the SXE the PKI are small and few certificates are issued ensuring that CRL will not be required.
The PKI framework is intended for software releases which form a part of Qtopia and released by us; and for close industry partners who might use it to release updates to the device software stack.
It is not intended for a general end-to-end authentication framework for developers of games and other 3rd-party applications.
Note: Downloaded 3rd-party applications are generally untrusted.
| Copyright © 2006 Trolltech | Trademarks | Qtopia 4.1.7 |