[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Re: [xml-dev] Open Platform
- From: Rob Koberg <rob@koberg.com>
- To: Henri Sivonen <hsivonen@iki.fi>
- Date: Mon, 13 Dec 2010 18:55:17 -0800
On Mon, Dec 13, 2010 at 5:06 PM, Henri Sivonen <hsivonen@iki.fi> wrote:
> On Dec 13, 2010, at 06:30, Michael Kay wrote:
>> Security restrictions in terms of what resources are accessible are of course reasonable, though as far as I can see the cross-site-scripting rules seem to be about as relevant to the real threat model as the theatrical checks performed in airport security halls.
>
> Could you, please, elaborate? How is the Same-Origin Policy not relevant to the threat of information leakage when the browser has ambient authorization to access private data from another origin?
* Copy and paste
* proxy content through a machine under your control
Simple enough to get around for those concerns. Why does the browser
need to be the policeman, especially for XML that (other than some
huge document) cannot affect the user's session. With the 'ambient
authorization' you (the information leaker) at least know something
about the end user getting your content. With proxying or scraping,
you don't.
Laws exist that offer remedies to copyright infringement.
best,
-Rob
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
