If you have built your site correctly, a malicious browser cannot harm your site.
Lets say you build a browser that sends out cookies to you. The point is, you have to first get a real user to actually use your browser. And there lies the security - you can't get me using your hacked browser. If the network in unencrypted, sure - you can get hold of information. But if it is https protected, then man-in-the-middle attacks become difficult, and even if you were able to monitor the traffic, it would be all garbled. --sri On Sep 10, 4:18 pm, ddyer <ddyer-goo...@real-me.net> wrote: > Isn't any security that's based on the browser enforcing a policy > essentially a sham? > Or more politely, guaranteed to be ineffective against a deliberate > attack. > > The browsers are open source, and the communications channel is > unencrypted, > and you don't have to use a browser at all. There are just too many > ways for browser > security to be bypassed. > > This may not matter much if the target of the attack is presumed to be > the user, but > what if the target is the host site? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~----------~----~----~----~------~----~------~--~---