[XML-DEV Mailing List Archive Home]
[By Thread]
[By Date]
Re: [xml-dev] json v. xml
- From: "David Megginson" <david.megginson@...>
- To: xml-dev <xml-dev@...>
- Date: Mon, 8 Jan 2007 20:02:07 -0500
On 08/01/07, Nathan Young -X (natyoung - Artizen at Cisco) <natyoung@...>
> Hardwired security measures:
> - restrict the viewing experience of a given page to include only
> those things that come from the same server as the page itself
> - applies to XHR
> - applies partly to frames and iframes (you can request whatever
> you want but you can't see what you get back)
> - does not apply to img, js, css, etc
> - restrict requests to an outside server to a list of requests
> defined by that server to be valid targets to third party requests
> - implemented in newer flash plugins
It turns out that iframes are leaky and can be used cross-domain:
http://blog.monstuff.com/archives/000304.html
> Sorry I don't have any concrete conclusions to draw here.
How's this for a conclusion (pax Gilmore):
"Web 2.0 interprets security as damage and routes around it".
All the best,
David
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
|
