[whatwg] Security thoughts

[timeless]

On Mon, May 10, 2010 at 2:31 AM, Perry Smith <pedzsan at gmail.com> wrote:
> If we have a site like official_site.area_subdomain.big.com which relaxes the
> restriction to area_subdomain.big.com, it is now exposed to the potential of
> an attack from any of the systems within the same area_subdomain including
> laptops connected via wifi.  The wifi is secure.  The place I work at trusts me
> to some degree but with a large corporation, they very often try to restrict
> information on the "need to know" basis.  And, corporate espionage is a real threat.

Sites shouldn't be configured this way.

They should have two domains, one used for corporate servers:
*.big.com
one used for untrustworthy systems:

<guest>.evil

There's no reason to stick computers into area_subdomain.big.com (if
you manage to get dns search right).

I've seen networks which are properly configured with a secondary domain.

But roughly speaking, if you're allowed to put a computer into
<host>.area_subdomain.big.com, your neighbors have already lost.

Where I work, we have hundreds of servers which pop up random dialogs
asking for my windows domain credentials. Some use HTTP Auth requests,
some use html forms to ask for it. There's no way for a user to
determine if a server is real or not, and most have expired or
otherwise invalid certificates, everyone has to trust all of them.
Thus we trust the network not to allow computers which don't belong
into the interesting subnets (and in theory there's something
patrolling those networks to guard against this problem).