Re: Elliotte Rusty Harold on Access Control

From: L. David Baron <dbaron@dbaron.org>
Date: Wed, 2 Aug 2006 11:30:14 -0700
To: public-appformats@w3.org
Message-ID: <20060802183014.GA24161@ridley.dbaron.org>

On Wednesday 2006-08-02 14:10 -0400, Doug Schepers wrote:
> Mr. Harold does not seem to care for the Access Control specification, using
> such colorful language as "colossally brain damaged" and "the single most
> broken security design I've seen in years".
> 
> http://www.cafeconleche.org/oldnews/news2006May27.html

I think the complaint I'd take most seriously is the latter part of:
# At best this is a very poorly written specification that doesn't
# explain what it's actually trying to do.

It would be good if "cross-site scripting" appeared in the document
introduction rather than appearing only once in section three, since the
point of it (as I understand it) is to allow a page to relax cross-site
scripting restrictions on accessing it.

-David

-- 
L. David Baron                                <URL: http://dbaron.org/ >
           Technical Lead, Layout & CSS, Mozilla Corporation

Received on Wednesday, 2 August 2006 18:30:25 GMT
