Re: [xml-dev] json v. xml
- From: "David Megginson" <david.megginson@gmail.com>
- To: xml-dev <xml-dev@lists.xml.org>
- Date: Mon, 8 Jan 2007 20:02:07 -0500
On 08/01/07, Nathan Young -X (natyoung - Artizen at Cisco) <natyoung@cisco.com>
> Hardwired security measures:
> - restrict the viewing experience of a given page to include only
> those things that come from the same server as the page itself
> - applies to XHR
> - applies partly to frames and iframes (you can request whatever
> you want but you can't see what you get back)
> - does not apply to img, js, css, etc
> - restrict requests to an outside server to a list of requests
> defined by that server to be valid targets to third party requests
> - implemented in newer flash plugins
It turns out that iframes are leaky and can be used cross-domain:
http://blog.monstuff.com/archives/000304.html
> Sorry I don't have any concrete conclusions to draw here.
How's this for a conclusion (pax Gilmore):
"Web 2.0 interprets security as damage and routes around it".
All the best,
David
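
The same-server rules from the quoted list, modelled as an added JavaScript example (not part of either poster's message). It follows the list as stated, not the iframe exception linked in the reply; the URLs, embed kinds and outcome labels are constructed for illustration.

```javascript
// Outcome for a cross-origin target, per embed kind, as the quoted list states it.
// The labels are assumptions made for this example.
const CROSS_ORIGIN_RULE = new Map([
  ["xhr", "blocked"],          // "applies to XHR"
  ["iframe", "request-only"],  // request goes out, the page cannot read the result
  ["frame", "request-only"],
  ["img", "unrestricted"],     // "does not apply to img, js, css"
  ["script", "unrestricted"],
  ["css", "unrestricted"],
]);

// An origin is scheme + host + port. URL.origin lowercases the host and drops
// default ports, so http://APP.example:80 and http://app.example compare equal.
function sameOrigin(a, b) {
  const oa = new URL(a).origin;
  const ob = new URL(b).origin;
  return oa !== "null" && oa === ob; // opaque origins (e.g. data:) never match
}

// Classify one embed on a page: "same-origin", or the cross-origin rule for its kind.
function classify(pageUrl, kind, target) {
  if (!CROSS_ORIGIN_RULE.has(kind)) throw new Error(`unknown embed kind: ${kind}`);
  const resolved = new URL(target, pageUrl).href; // resolve relative URLs first
  return sameOrigin(pageUrl, resolved) ? "same-origin" : CROSS_ORIGIN_RULE.get(kind);
}

// Inventory a page's embeds so third-party loads that bypass the rule stand out.
function auditEmbeds(pageUrl, embeds) {
  return embeds.map(({ kind, url }) => ({ kind, url, result: classify(pageUrl, kind, url) }));
}

// Constructed sample page and embeds.
const page = "http://app.example:80/index.html";
const report = auditEmbeds(page, [
  { kind: "xhr", url: "/api/data" },
  { kind: "xhr", url: "https://app.example/api/data" },   // scheme differs
  { kind: "xhr", url: "http://app.example:8080/api" },    // port differs
  { kind: "iframe", url: "http://other.example/widget" },
  { kind: "script", url: "http://cdn.example/lib.js" },
  { kind: "img", url: "http://APP.example/logo.png" },    // host case is ignored
]);
for (const r of report) console.log(r.result.padEnd(13), r.kind.padEnd(7), r.url);
```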