Isn't any security that's based on the browser enforcing a policy essentially a sham? Or more politely, guaranteed to be ineffective against a deliberate attack.
The browsers are open source, and the communications channel is unencrypted, and you don't have to use a browser at all. There are just too many ways for browser security to be bypassed. This may not matter much if the target of the attack is presumed to be the user, but what if the target is the host site? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~----------~----~----~----~------~----~------~--~---