jim.ley at gmail.com
Sun Mar 19 04:23:11 PST 2006
On 3/19/06, Douglas Crockford <douglas at crockford.com> wrote:
> > The mimetype you're defining, because it is new, pretty-much ensures
> > no existing service behind an intranet could be affected.
> > I could still envision one day developers setting-up JSON syndication
> > services behind an intranet, not quite grokking the fact that their
> > data is now accessible from outside of their intranet. Silly, i know
> > but ...
> It is a concern. The only solution to that that I can see is education.
No, the solution is pretty clear, all cross domain activity is
designed to be OPT-IN, just like all other current methods, then
concious effort needs to be made to allow your data onto other peoples
> A con with JSONRequest is
> that if your are incompetent in determining your authentications, then data may
Or indeed wrote your script before this JSONRequest was invented.
Please remove your false and misleading "introduces no new security problems".
More information about the whatwg