Re: Open Platform
On Mon, Dec 13, 2010 at 5:06 PM, Henri Sivonen <email@example.com> wrote: > On Dec 13, 2010, at 06:30, Michael Kay wrote: >> Security restrictions in terms of what resources are accessible are of course reasonable, though as far as I can see the cross-site-scripting rules seem to be about as relevant to the real threat model as the theatrical checks performed in airport security halls. > > Could you, please, elaborate? How is the Same-Origin Policy not relevant to the threat of information leakage when the browser has ambient authorization to access private data from another origin? * Copy and paste * proxy content through a machine under your control Simple enough to get around for those concerns. Why does the browser need to be the policeman, especially for XML that (other than some huge document) cannot affect the user's session. With the 'ambient authorization' you (the information leaker) at least know something about the end user getting your content. With proxying or scraping, you don't. Laws exist that offer remedies to copyright infringement. best, -Rob
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
PURCHASE STYLUS STUDIO ONLINE TODAY!
Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!
Download The World's Best XML IDE!
Accelerate XML development with our award-winning XML IDE - Download a free trial today!
Subscribe in XML format