[whatwg] Content Restrictions
ian at hixie.ch
Tue Jan 31 12:29:07 PST 2006
On Mon, 30 Jan 2006, Gervase Markham wrote:
> Ian Hickson wrote:
> > My first impression is that it is far too complex and over-engineered.
> OK... What do you think the requirements are for a solution to this
> problem? I tried to make my types of restrictions match up with common
> use cases, but I may well have picked the wrong ones.
I don't really know.
> > The problem with security is that people don't understand the issues.
> > We don't want to give authors too fine-grained control, because most
> > authors will get it wrong, but be lulled into a false sense of
> > security because they are "using Content Restrictions".
> OK; but if your control is too coarse-grained, then people who want to
> permit just a little bit of scripting are forced to not have any
> restrictions at all.
Sure. But they're in the 10%, the 90% is secure. Whereas with a complex
system, maybe 5% is secure, 90% thinks it is but isn't, and the remaining
5% still don't have enough fine-grained control.
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg