Dave Cline wrote:
Mozilla's cross domain page access blocking is a MAJOR OVERSIGHT in these days of expanding use of Web Services.
Creating browser based applications which may wish to communicate directly with SOAP based Web Services not of the domain the application was served from will be a commonly demanded requirement. The absence of any mechanism to allow such communication in Mozilla constitutes a very narrow vision of future browser application use on the Web.
Are you aware of
http://www.mozilla.org/projects/webservices/
?? Indeed Mozilla has introduced a new security policy that doesn't enforce the same origin policy if the side providing a web service allows access in a file, see
http://devedge.netscape.com/viewsource/2003/wsdl/01/#The-Security-Model
--
Martin Honnen http://JavaScript.FAQTs.com/
_______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security