W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

Re: ISSUE 19: Requirements and Usage Scenarios document

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 15 Jan 2008 21:09:23 +0100
To: "David Orchard" <dorchard@bea.com>
Cc: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.t4zl9xu364w2qv@annevk-t60.oslo.opera.com> 

On Tue, 15 Jan 2008 17:44:35 +0100, David Orchard <dorchard@bea.com> wrote:
> If Cookies would be sent as part of more requests because of deployment
> of the Access Control spec, then isn't this spec opening a new attack
> vector? I understand your point that cookies are already sent under
> img, script and form, but this is something newer and in addition to
> those.

I think I disagree. The (type of) request is identical. Especially since  
it's about the request and not about the protocol that issues the request.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Tuesday, 15 January 2008 20:06:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 15 January 2008 20:06:40 GMT