Re: [xml-dev] Open Platform

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

From: Michael Kay <mike@saxonica.com>
To: xml-dev@lists.xml.org
Date: Tue, 14 Dec 2010 09:10:33 +0000

On 14/12/2010 03:36, Bjoern Hoehrmann wrote:
> * Michael Kay wrote:
>> Security restrictions in terms of what resources are accessible are of
>> course reasonable, though as far as I can see the cross-site-scripting
>> rules seem to be about as relevant to the real threat model as the
>> theatrical checks performed in airport security halls.
> It is common for web sites to discriminate based on client IP addresses.
> If I know for instance that some organization serves documents on its
> site that are only available to its members, and know the site is con-
> figured to require no further authentication for requests that come from
> within a member's network, I can gain access to those documents simply
> by setting up an advertisement, which sooner or later would be shown to
> someone from within such a network, which then sends me the documents.
I'm not quite sure whether your intent was to agree with me or disagree 
with me. The way I read your comment, you are agreeing with me that the 
current security model is a joke.

Michael Kay
Saxonica

References:
- Re: [xml-dev] RE: James Clark: XML versus the Web
  - From: "Simon St.Laurent" <simonstl@simonstl.com>
- Re: [xml-dev] RE: James Clark: XML versus the Web
  - From: Ben Trafford <ben@prodigal.ca>
- Re: [xml-dev] RE: James Clark: XML versus the Web
  - From: Doug <doug.duboulay@gmail.com>
- Re: [xml-dev] RE: James Clark: XML versus the Web
  - From: Michael Kay <mike@saxonica.com>
- Re: [xml-dev] RE: James Clark: XML versus the Web
  - From: Henri Sivonen <hsivonen@iki.fi>
- Re: [xml-dev] Open Platform
  - From: Michael Kay <mike@saxonica.com>
- Re: [xml-dev] Open Platform
  - From: Bjoern Hoehrmann <derhoermi@gmx.net>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]