Re: Cross Domain blocking - oversight in these days of Web Services

2004-02-03 Thread Martin Honnen


Dave Cline wrote:


> Mozilla's cross domain page access blocking is a MAJOR OVERSIGHT in
> these days of expanding use of Web Services.
> Creating browser based applications which may wish to communicate
> directly with SOAP based Web Services not of the domain the
> application was served from will be a commonly demanded requirement.
> The absence of any mechanism to allow such communication in Mozilla
> constitutes a very narrow vision of future browser application use on
> the Web.

Are you aware of
  http://www.mozilla.org/projects/webservices/
?

Indeed Mozilla has introduced a new security policy that doesn't
enforce the same origin policy if the side providing a web service
allows access in a file, see
  http://devedge.netscape.com/viewsource/2003/wsdl/01/#The-Security-Model

--

Martin Honnen
http://JavaScript.FAQTs.com/
___
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security


Cross Domain blocking - oversight in these days of Web Services

2004-01-30 Thread Dave Cline
Tribe,
Mozilla's cross domain page access blocking is a MAJOR OVERSIGHT in
these days of expanding use of Web Services.

Creating browser based applications which may wish to communicate
directly with SOAP based Web Services not of the domain the
application was served from will be a commonly demanded requirement.
The absence of any mechanism to allow such communication in Mozilla
constitutes a very narrow vision of future browser application use on
the Web.
 
The only solution available to the Mozilla development team is to
include a checkbox and warning label within user preferences which
will enable such useful functionality.

Paranoid talk of security violations is expected. So be creative,
design some middle ground where the user is made aware of such
communication and can choose to allow or decline it on a per instance
basis. But don't just block it absolutely without providing some means
to override your heavy handed tyrannical choices.

 Dave Cline
~bangeye.com~