[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Open Platform

• From: Bjoern Hoehrmann <derhoermi@gmx.net>
• To: Michael Kay <mike@saxonica.com>
• Date: Tue, 14 Dec 2010 04:36:46 +0100

* Michael Kay wrote:
>Security restrictions in terms of what resources are accessible are of 
>course reasonable, though as far as I can see the cross-site-scripting 
>rules seem to be about as relevant to the real threat model as the 
>theatrical checks performed in airport security halls.

It is common for web sites to discriminate based on client IP addresses.
If I know for instance that some organization serves documents on its
site that are only available to its members, and know the site is con-
figured to require no further authentication for requests that come from
within a member's network, I can gain access to those documents simply
by setting up an advertisement, which sooner or later would be shown to
someone from within such a network, which then sends me the documents.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

• Follow-Ups:
  • Re: Open Platform
    • From: Michael Kay <mike@saxonica.com>

• References:
  • Re: RE: James Clark: XML versus the Web
    • From: "Simon St.Laurent" <simonstl@simonstl.com>
  • Re: RE: James Clark: XML versus the Web
    • From: Ben Trafford <ben@prodigal.ca>
  • Re: RE: James Clark: XML versus the Web
    • From: Doug <doug.duboulay@gmail.com>
  • Re: RE: James Clark: XML versus the Web
    • From: Michael Kay <mike@saxonica.com>
  • Re: RE: James Clark: XML versus the Web
    • From: Henri Sivonen <hsivonen@iki.fi>
  • Re: Open Platform
    • From: Michael Kay <mike@saxonica.com>