OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] json v. xml

On 08/01/07, Nathan Young -X (natyoung - Artizen at Cisco) <natyoung@cisco.com>

> Hardwired security measures:
>  - restrict the viewing experience of a given page to include only
>    those things that come from the same server as the page itself
>    - applies to XHR
>    - applies partly to frames and iframes (you can request whatever
>      you want but you can't see what you get back)
>    - does not apply to img, js, css, etc
>  - restrict requests to an outside server to a list of requests
>    defined by that server to be valid targets to third party requests
>    - implemented in newer flash plugins

It turns out that iframes are leaky and can be used cross-domain:


> Sorry I don't have any concrete conclusions to draw here.

How's this for a conclusion (pax Gilmore):

  "Web 2.0 interprets security as damage and routes around it".

All the best,


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS