[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
Elliotte Rusty Harold
elharo at metalab.unc.edu
Fri Sep 26 14:19:59 PDT 2008
Michal Zalewski wrote:
> I kinda assumed this suggestion was tongue-in-cheek, but if not -
> banning cross-domain IFRAMEs to fix one flaw, without providing viable
> methods for sandboxing untrusted same-origin content, would leave web
> developers with no tools to deal with quite a few classes of major
> security issues.
It's tongue-in-cheek in that I don't expect it to be adopted or seriously
considered (this year). It's not tongue-in-cheek in that I very much
wish it were adopted. That is, I think it's in the realm of the
desirable, not the possible.
I am curious what issues you see with same origin content. They
certainly exist, but I tend to feel those are orthogonal to the issues
at hand, and subject for a separate discussion.
I do think we have an existence proof that security in this realm is
possible. That's Java. Modulo some outright bugs in VMs (since repaired),
the default Java applet security model has worked, and worked well, since
1.0 beta 1. (1.0 alpha 1 wasn't quite strict enough.) I have seen no
security design flaws exposed in Java applets in over ten years. That's
why I suspect duplicating Java's security policy in HTML is a safe way
forward. I'm skeptical that anything less will suffice.
I don't expect this to happen, however, because many large players are
exploiting existing security design flaws in the web to do things they
shouldn't be allowed to do in the first place, especially tracking
users. Any scheme that limits the ability of advertisers and others to
track users will be strenuously resisted.
--
Elliotte Rusty Harold
elharo at metalab.unc.edu