On Tue, 08 Jun 2010 21:26:12 +0200, Atul Varma <ava...@mozilla.com> wrote:
For what it's worth, I think that giving developers tools to easily define more granular security mechanisms without resorting to subdomains is a win in terms of usability, as it's quite difficult to figure out how to create subdomains and do virtual hosting--to say nothing of doing it over SSL.
On DreamHost creating a new subdomain is a couple of clicks...
That said, introducing a brand new mechanism for security on top of SOP does seem like it might make the security landscape more complex as a whole, and thereby potentially more vulnerable.
-- Anne van Kesteren http://annevankesteren.nl/
