Tribe, Mozilla's cross domain page access blocking is a MAJOR OVERSIGHT in these days of expanding use of Web Services.
Creating browser based applications which may wish to communicate directly with SOAP based Web Services not of the domain the application was served from will be a commonly demanded requirement. The absence of any mechanism to allow such communication in Mozilla constitutes a very narrow vision of future browser application use on the Web. The only solution available to the Mozilla development team is to include a checkbox and warning label within user preferences which will enable such useful functionality. Paranoid talk of security violations is expected. So be creative, design some middle ground where the user is made aware of such communication and can choose to allow or decline it on a per instance basis. But don't just block it absolutely without providing some means to override your heavy handed tyranical choices. Dave Cline ~bangeye.com~ _______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security