Doug Schepers wrote:
Jonathan Rees wrote (on 10/23/09 5:04 PM):
The brief summary of the debate is that Mark M is citing Tyler's
argument, and Mark's and Tyler's long experience with this kind of
thing, in predicting that any system with the currently described CORS
architecture will have
Doug Schepers wrote:
I'm not at all a security expert, or even particularly well-informed on
the topic, but it does occur to me that most of CORS' opponents seem
very much in the capability-based security camp [1], and may distrust or
dislike something more authentication-based like CORS.
The
Hi, David-Sarah-
David-Sarah Hopwood wrote (on 10/24/09 2:45 AM):
Doug Schepers wrote:
I'm not at all a security expert, or even particularly well-informed on
the topic, but it does occur to me that most of CORS' opponents seem
very much in the capability-based security camp [1], and may
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David-Sarah Hopwood wrote:
Doug Schepers wrote:
I'm not at all a security expert, or even particularly
well-informed on the topic, but it does occur to me that most of
CORS' opponents seem very much in the capability-based security
camp [1],
On Oct 21, 2009, at 11:04 AM, ext Dominique Hazael-Massieux wrote:
(adding the Device APIs Working Group mailing list in CC:)
Hi John, Web Apps
Le lundi 19 octobre 2009 à 14:12 -0700, John Gregg a écrit :
Apologies for the delay, I've been spending the majority of my time
completing the
On Fri, Oct 23, 2009 at 10:34 PM, Doug Schepers schep...@w3.org wrote:
Sorry for being dense, but why couldn't the whitehats build toy systems on
an open honeynet?
They could, but what would we learn from such an experiment? If they
build only secure systems, then we'd learn that security
On Fri, Oct 23, 2009 at 11:07 PM, David-Sarah Hopwood
david-sa...@jacaranda.org wrote:
The specific risk is quite clear: it's the risk of CSRF attacks that
are currently prevented (or mitigated) by the same-origin policy.
These won't be prevented or mitigated to the same extent by browsers
Hi, David-Sarah-
David-Sarah Hopwood wrote (on 10/24/09 2:07 AM):
Currently, the prevalence and impact of CSRF attacks is limited to some
extent by the same-origin restrictions. The adoption of CORS will remove
part of that limitation. This should be expected to result in more sites
that rely
On Oct 24, 2009, at 10:03 AM, Adam Barth wrote:
On Fri, Oct 23, 2009 at 10:34 PM, Doug Schepers schep...@w3.org
wrote:
Sorry for being dense, but why couldn't the whitehats build toy
systems on
an open honeynet?
They could, but what would we learn from such an experiment? If they
build
Hi, Maciej-
Maciej Stachowiak wrote (on 10/24/09 4:42 PM):
On Oct 24, 2009, at 10:03 AM, Adam Barth wrote:
On Fri, Oct 23, 2009 at 10:34 PM, Doug Schepers schep...@w3.org
mailto:schep...@w3.org wrote:
Sorry for being dense, but why couldn't the whitehats build toy
systems on an open
On Fri, Oct 23, 2009 at 8:45 PM, Ian Hickson i...@hixie.ch wrote:
On Fri, 23 Oct 2009, Michael Nordman wrote:
An area that may be worth exploring, that would add to the list things
that go beyond syntactic sugar, could be for multiple documents to
listen in on the same event-stream
On Sat, 24 Oct 2009, Michael Nordman wrote:
On Fri, Oct 23, 2009 at 8:45 PM, Ian Hickson i...@hixie.ch wrote:
On Fri, 23 Oct 2009, Michael Nordman wrote:
An area that may be worth exploring, that would add to the list
things that go beyond syntactic sugar, could be for multiple
12 matches
Mail list logo