[whatwg] Proposal for cross domain security framework

Frode Børli frode at seria.no
Fri Jun 20 12:18:52 PDT 2008


> Web applications could still easily ported from one system to the
> other, because the file would be processed transparently.
>
> The only problem I see is getting the allowed domains right, the
> xsocket file can point to. On the one hand, you may want a dedicated
> machine for the persistent connections if you run a very popular
> service and anticipate many connections at once. On the other hand,
> you don't want an evil site getting access to your service using their
> own xsocket file.

All servers that can accept connections must have a xsocket file.

The only way around this that I see is my reverse DNS proposal...

-- 
Best regards / Med vennlig hilsen
Frode Børli
Seria.no

Mobile:
+47 406 16 637
Company:
+47 216 90 000
Fax:
+47 216 91 000


Think about the environment. Do not print this e-mail unless you really need to.

Tenk miljø. Ikke skriv ut denne e-posten dersom det ikke er nødvendig.


More information about the whatwg mailing list