- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 15 Jan 2008 21:09:23 +0100
- To: "David Orchard" <dorchard@bea.com>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
On Tue, 15 Jan 2008 17:44:35 +0100, David Orchard <dorchard@bea.com> wrote: > If Cookies would be sent as part of more requests because of deployment > of the Access Control spec, then isn't this spec opening a new attack > vector? I understand your point that cookies are already sent under > img, script and form, but this is something newer and in addition to > those. I think I disagree. The (type of) request is identical. Especially since it's about the request and not about the protocol that issues the request. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 15 January 2008 20:06:39 UTC