W3C home > Mailing lists > Public > public-appformats@w3.org > September 2007

Re: ISSUE-16 (ArtB): AC: Add some rationale to the Introduction [Access Control]

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 20 Sep 2007 16:24:52 +0200
To: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.tyyibqx164w2qv@annevk-t60.oslo.opera.com>

On Thu, 20 Sep 2007 15:40:08 +0200, Anne van Kesteren <annevk@opera.com>  
> I've added some rationale to the introduction. But I haven't yet  
> indicated how an implementation could potentially become less secure. I  
> suppose we could point out that naive implementations (and  
> specifications defining how to interact with this spec) will do all  
> kinds of information leakage such as port scanning because progress  
> events are dispatched etc. and that people should be cautious with that.  
> Hmm.

I made this a bit more clear in the security considerations section.

Anne van Kesteren
Received on Thursday, 20 September 2007 14:25:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:50:07 UTC