TONT 32683 When a website relies on a security hole

Original link: https://devblogs.microsoft.com/oldnewthing/20060112-15/?p=32683

Translator's note: the first paragraph of the original is extremely long; it has been split by hand for readability.

Perhaps the biggest risk when making a change in the name of security is all the things that may have been relying on the previously-lax security settings. After all, disabling an insecure feature is easy. The hard part is disabling it while retaining compatibility with people who were relying on that feature.

Perhaps the biggest risk of making a change in the name of security is everything that relied on the previously less strict security settings. After all, disabling an insecure feature is not hard; the hard part is disabling it while remaining compatible with the people who were relying on that feature.

In the security investigations I’ve been involved with, perhaps the largest chunk of my time is spent trying to find a way to mitigate the security hole without breaking existing customers. (And it’s the Line of Business scenario that is the biggest question mark.)

In the security reviews I have taken part in, the largest share of my time is probably spent finding a way to mitigate a security hole without breaking existing customers' experience. (And the line-of-business scenario is where the biggest question mark lies.)

Here’s a real-life example: Consider a sports web site which sells a service to subscribers wherein the site creates a pop-up window whenever a game’s score has changed or some other significant event has occurred. That way, you can leave your browser minimized and go about your day, but when something happens in the game, it will pop up an alert. The round of security changes in Windows XP SP2 broke this site because the rules on positioning of pop-up windows were tightened so that pop-up windows could not appear outside the browser itself. This prevents pop-up windows from being used to cover important browser elements (such as the status bar, the address bar, or a security dialog) and makes it harder for pop-ups to masquerade as system dialogs. But it also broke this company’s business model. And of course, if Microsoft does something that causes you to lose money, you sue. There were probably corporations that had internal web sites that relied on the ability to position pop-ups without restriction. Those corporations no doubt also complained about this change in the name of security.

Here is a real-life example: suppose a sports website sells its subscribers a service that pops up a window whenever the score of a game changes or something significant happens, so that you can minimize the browser and go about other things, and an alert pops up when something changes in the game. A round of security updates in Windows XP SP2 broke this mechanism, because the rules for pop-up windows were tightened: a pop-up window can no longer appear outside the bounds of its parent window. This change exists to prevent windows from covering important browser elements (such as the status bar, the address bar, or a security dialog), and it greatly reduces the chance of a pop-up masquerading as a system dialog. But the measure also broke this (sports website) company's business model. Naturally, if what Microsoft does causes you financial loss, you will of course choose to sue. Likewise, some corporate intranet sites relied on the old design to position pop-up windows without restriction, and those corporations, without exception, also complained about this change made in the name of security.

As with most security changes that have compatibility consequences, a “safety valve” was added to return to the old insecure behavior for those customers who were relying on it. In this case, you can put the affected sites in the Trusted Sites zone and enable the “Allow script-initiated windows without size or position constraints” setting. But this is just a stop-gap, re-opening the security hole to let this site continue to operate the way it does. The real fix is not to rely on the security hole.

Like most security updates that carry compatibility side effects, the developers added a "safety valve" for customers who still rely on the old, insecure behavior. In this case, you can put the affected websites in the "Trusted Sites" list and enable the "Allow script-initiated windows without size or position constraints" option. But this is only a stop-gap: it amounts to reopening the security hole so that those websites can keep operating the old way. The real fix is to stop relying on these security holes.
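As an added illustration of the "don't rely on the hole" advice (example code, not from the original post or from Microsoft): the tightened rule is modelled here as clamping a script-opened window into the opener's bounds, and a score-alert notifier checks up front whether its requested placement would survive that rule, falling back to an in-page notice instead of assuming the relaxed setting. The rectangle model and the fallback are assumptions made for this example; `openWindow` and `showBanner` are hypothetical hooks that a real page would wrap around `window.open` and a DOM element.

```javascript
// Rectangles are { left, top, width, height } in screen pixels (constructed sample geometry).

// True when `inner` lies entirely within `outer`.
function rectInside(inner, outer) {
  return inner.left >= outer.left &&
         inner.top >= outer.top &&
         inner.left + inner.width <= outer.left + outer.width &&
         inner.top + inner.height <= outer.top + outer.height;
}

// Assumed model of the SP2-style rule: no part of the pop-up may appear outside the
// browser window, so an out-of-bounds request is shrunk and moved back inside.
function constrainPopup(requested, opener) {
  const width = Math.min(requested.width, opener.width);
  const height = Math.min(requested.height, opener.height);
  const left = Math.min(Math.max(requested.left, opener.left),
                        opener.left + opener.width - width);
  const top = Math.min(Math.max(requested.top, opener.top),
                       opener.top + opener.height - height);
  return { left, top, width, height };
}

// Deliver a score alert without depending on the "no size or position constraints"
// safety valve. Returns which channel was used so the decision can be checked.
function deliverScoreAlert(message, requested, opener, { openWindow, showBanner }) {
  if (rectInside(requested, opener)) {
    openWindow(message, requested);   // honoured under both the old and the tightened rule
    return 'popup';
  }
  // The old design placed the alert outside a minimized browser. That placement is no
  // longer honoured, so use an in-page notice rather than reopening the hole per site.
  showBanner(message);
  return 'banner';
}
```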
