[whatwg] JSONRequest
Jim Ley
jim.ley at gmail.com
Sun Mar 19 04:23:11 PST 2006
On 3/19/06, Douglas Crockford <douglas at crockford.com> wrote:
> > The mimetype you're defining, because it is new, pretty-much ensures
> > no existing service behind an intranet could be affected.
>
> > I could still envision one day developers setting-up JSON syndication
> > services behind an intranet, not quite grokking the fact that their
> > data is now accessible from outside of their intranet. Silly, I know
> > but ...
>
> It is a concern. The only solution to that that I can see is education.
No, the solution is pretty clear, all cross domain activity is
designed to be OPT-IN, just like all other current methods, then
conscious effort needs to be made to allow your data onto other people's
sites.
> A con with JSONRequest is
> that if you are incompetent in determining your authentications, then data may
> leak.
Or indeed wrote your script before this JSONRequest was invented.
Please remove your false and misleading "introduces no new security problems".
Jim.