Re: Value of Server-Sent Events

2009-10-24 Thread Ian Hickson
On Sat, 24 Oct 2009, Michael Nordman wrote: > On Fri, Oct 23, 2009 at 8:45 PM, Ian Hickson wrote: > > On Fri, 23 Oct 2009, Michael Nordman wrote: > > > > > > An area that may be worth exploring, that would add to the list > > > things that go beyond syntactic sugar, could be for multiple > > > d

Re: Value of Server-Sent Events

2009-10-24 Thread Michael Nordman
On Fri, Oct 23, 2009 at 8:45 PM, Ian Hickson wrote: > On Fri, 23 Oct 2009, Michael Nordman wrote: > > > > An area that may be worth exploring, that would add to the list things > > that go beyond syntactic sugar, could be for multiple documents to > > listen in on the same event-stream backed by

Re: [cors] unaddressed security concerns

2009-10-24 Thread Doug Schepers
Hi, Maciej- Maciej Stachowiak wrote (on 10/24/09 4:42 PM): On Oct 24, 2009, at 10:03 AM, Adam Barth wrote: On Fri, Oct 23, 2009 at 10:34 PM, Doug Schepers wrote: Sorry for being dense, but why couldn't the whitehats build toy systems on an open honeynet? I suspect

Re: [cors] unaddressed security concerns

2009-10-24 Thread Maciej Stachowiak
On Oct 24, 2009, at 10:03 AM, Adam Barth wrote: On Fri, Oct 23, 2009 at 10:34 PM, Doug Schepers wrote: Sorry for being dense, but why couldn't the whitehats build toy systems on an open honeynet? They could, but what would we learn from such an experiment? If they build only secure syst

CORS Best Practices (was: [cors] unaddressed security concerns)

2009-10-24 Thread Doug Schepers
Hi, David-Sarah- David-Sarah Hopwood wrote (on 10/24/09 2:07 AM): Currently, the prevalence and impact of CSRF attacks is limited to some extent by the same-origin restrictions. The adoption of CORS will remove part of that limitation. This should be expected to result in more sites that rely o

Re: [cors] unaddressed security concerns

2009-10-24 Thread Adam Barth
On Fri, Oct 23, 2009 at 11:07 PM, David-Sarah Hopwood wrote: > The specific risk is quite clear: it's the risk of CSRF attacks that > are currently prevented (or mitigated) by the same-origin policy. > These won't be prevented or mitigated to the same extent by browsers > that implement CORS. The

Re: [cors] unaddressed security concerns

2009-10-24 Thread Adam Barth
On Fri, Oct 23, 2009 at 10:34 PM, Doug Schepers wrote: > Sorry for being dense, but why couldn't the whitehats build toy systems on > an open honeynet? They could, but what would we learn from such an experiment? If they build only secure systems, then we'd learn that security experts can build

Re: Web Notifications, do we need a new spec?

2009-10-24 Thread Arthur Barstow
On Oct 21, 2009, at 11:04 AM, ext Dominique Hazael-Massieux wrote: (adding the Device APIs Working Group mailing list in CC:) Hi John, Web Apps On Monday, 19 October 2009 at 14:12 -0700, John Gregg wrote: Apologies for the delay, I've been spending the majority of my time completing the initi

Re: [cors] unaddressed security concerns

2009-10-24 Thread Kris Zyp
David-Sarah Hopwood wrote: > Doug Schepers wrote: >> I'm not at all a security expert, or even particularly >> well-informed on the topic, but it does occur to me that most of >> CORS' opponents seem very much in the capability-based security >> cam

Re: [cors] unaddressed security concerns

2009-10-24 Thread Doug Schepers
Hi, David-Sarah- David-Sarah Hopwood wrote (on 10/24/09 2:45 AM): Doug Schepers wrote: I'm not at all a security expert, or even particularly well-informed on the topic, but it does occur to me that most of CORS' opponents seem very much in the capability-based security camp [1], and may dis