[whatwg] Proposal for cross domain security framework
jonas at depagecms.net
Fri Jun 20 08:58:37 PDT 2008
> 1. Browser downloads a script from server A.
> 2. Script tries to connect to server B.
> 3. Browser looks up server B's IP-address.
> 4. Browser performs a reverse lookup of server B's IP-address and gets
> a host name for the server.
> 5. Browser looks up a special TXT record in the DNS record for Server
> B, which states each of the IP addresses/host names that can host
> scripts allowed to connect.
> DNS records are cached multiple places (including at the local
> computer), so a DDOS attack attempting to take down DNS servers
> would probably not succeed.
DNS server information is often not accessible for many hosts/shared hosts.
Adobe has some of the same problems with the Adobe Flash Player.
They use a crossdomain.xml file to provide policy information.
In Flash Player 9,0,115,0 they introduced something like meta-policies:
Probably worth a read when we discuss this topic...
frank hellenkamp | interface designer
hasenheide 53 | 10967 berlin
+49.30.49 78 20 70 | tel
+49.173.70 55 781 | mbl
+49.1805.4002.243 912 | fax
jonas at depagecms.net | mail
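
As an illustration of the crossdomain.xml and meta-policy mechanism mentioned in the message above, here is an added example (not part of the original post and not Adobe's code) that audits a policy file for over-broad grants. The sample policy and the function names are constructed, and the host matching is a simplified assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy for illustration; not taken from the post.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*.example.com"/>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>"""

# Values of permitted-cross-domain-policies accepted in a policy file.
META_POLICIES = {"none", "master-only", "by-content-type", "by-ftp-filename", "all"}

def audit_policy(xml_text):
    """Return (meta_policy, allowed_domains, findings) for a crossdomain.xml body."""
    root = ET.fromstring(xml_text)  # use a hardened parser for untrusted input
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    findings = []
    site = root.find("site-control")
    meta = site.get("permitted-cross-domain-policies") if site is not None else None
    if meta is None:
        findings.append("no meta-policy declared; the player default applies")
    elif meta not in META_POLICIES:
        findings.append(f"unknown meta-policy {meta!r}")
    elif meta == "all":
        findings.append("meta-policy 'all' lets any policy file on the host take effect")
    domains = []
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "").strip().lower()
        domains.append(domain)
        if domain == "*":
            findings.append("allow-access-from '*' grants access to every origin")
        if rule.get("secure", "true").lower() == "false":
            findings.append(f"{domain}: secure='false' permits non-HTTPS callers")
    return meta, domains, findings

def origin_allowed(host, domains):
    """Simplified matching (assumption): '*', '*.suffix', or an exact host name."""
    host = host.lower()
    for pattern in domains:
        if pattern == "*" or pattern == host:
            return True
        if pattern.startswith("*.") and host.endswith(pattern[1:]):
            return True
    return False
```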