[whatwg] origin+path namespacing and security
Ian Hickson
ian at hixie.ch
Wed Sep 2 14:43:29 PDT 2009
On Fri, 28 Aug 2009, Mike Wilson wrote:
>
> My chain of thoughts is something like below (this is just a general
> picture so don't take it too literally):
>
> - invent a more restrictive mechanism for script access
> between documents from the same origin ("host") so it
> can be limited based on a base path
> - this mechanism needs a way to specify the blessed path,
> maybe something along the lines of document.domain or a
> response header
> - the default blessed path should probably be as
> permissive as today to not break existing content on
> the Web (though maybe some smart algorithm may be
> developed that adds some restrictions)
> - if new browsers implement this mechanism, it means it
> will be possible to secure all new HTML5 features
> implemented at the same time or later, as authors can
> depend on that, if a browser has feature X, then it also
> has path-based security
> - old browsers will still ignore the new path-based
> restrictions, but they will not have the new HTML5
> features so these can not be exploited
> - cookies will still be exploitable in old browsers and
> for legacy content, but as old browsers are phased out
> application authors can more and more depend on cookies
> also being "safe" based on configured path security
It's definitely too late to take on anything this radical in the HTML5
time frame. I would recommend building experiments along these lines,
publishing papers and getting peer review, and so on, to see what could be
done in the long term.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
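To make the gap Mike Wilson describes concrete, here is an added example (not code from the whatwg thread or from any browser): it computes the origin the way browsers do today, where only scheme, host and port matter, and then layers the proposed "blessed path" check on top, using the cookie path-match rule rather than a bare string prefix so that a scope of /app does not accidentally grant access to /application. The header name X-Script-Access-Path, the default of "/" when no path is declared, and the example.com URLs are assumptions for illustration only.

```javascript
// Added example, not part of the original whatwg message.
// Compares today's scheme/host/port origin with a path-scoped access rule.
// The header name X-Script-Access-Path and the sample URLs are assumed.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Web origin as browsers compute it today: scheme, host and port only.
// Path, query and fragment play no part, which is the gap the proposal targets.
function originOf(url) {
  const u = new URL(url);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname.toLowerCase()}:${port}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Path-match as defined for cookies (RFC 6265 section 5.1.4): the request
// path must equal the scope path, or extend it at a "/" boundary.
// A plain prefix test would wrongly let "/app" cover "/application".
function pathMatches(requestPath, scopePath) {
  if (requestPath === scopePath) return true;
  if (!requestPath.startsWith(scopePath)) return false;
  if (scopePath.endsWith("/")) return true;
  return requestPath.charAt(scopePath.length) === "/";
}

// Proposed rule: same origin AND the accessing document lies under the
// blessed path the target document declared. No declaration defaults to
// "/", i.e. as permissive as today, matching the proposal's third bullet.
function pathScopedAccessAllowed(accessorUrl, targetUrl, blessedPath = "/") {
  if (!sameOrigin(accessorUrl, targetUrl)) return false;
  const accessorPath = new URL(accessorUrl).pathname;
  return pathMatches(accessorPath, blessedPath);
}

// Reads the hypothetical response header carrying the blessed path.
// Anything that is not an absolute path falls back to the permissive default.
function blessedPathFromHeaders(headers) {
  const raw = headers["x-script-access-path"]; // hypothetical header name
  if (typeof raw !== "string") return "/";
  const v = raw.trim();
  return v.startsWith("/") ? v : "/";
}

// Two users on a shared host: same origin today, separated under the proposal.
const alice = "http://example.com/~alice/app.html";
const bob = "http://example.com/~bob/page.html";
console.log(sameOrigin(alice, bob)); // true: host-level origin lumps them together
console.log(pathScopedAccessAllowed(bob, alice, "/~alice/")); // false
console.log(pathScopedAccessAllowed(alice, alice, "/~alice/")); // true
```

The point of using the cookie path-match rule rather than `startsWith` is that the proposal wants cookies to eventually inherit the same path scope; reusing the rule browsers already apply to Path= attributes keeps the two notions of "under this path" identical.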