[whatwg] Dealing with UI redress vulnerabilities inherent tothe current web
Robert O'Callahan
robert at ocallahan.org
Fri Sep 26 20:49:54 PDT 2008
On Sat, Sep 27, 2008 at 3:17 PM, Richard's Hotmail <maher_rj at hotmail.com>wrote:
> https://jdk6.dev.java.net/plugin2/
> http://weblogs.java.net/blog/joshy/archive/2008/05/java_doodle_cro.html
>
>
We have a W3C spec for the latter called Access Controls, which is a good
deal more secure than Java/Flash's crossdomain.xml.
Anyway, the fact that Java is evolving some sort of cross-domain capability
doesn't help make the argument that the Java 1.0 same-origin sandbox model
is an adequate solution to everything.
Rob
--
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080927/90ee521b/attachment.htm>
More information about the whatwg
mailing list