- From: Maciej Stachowiak <mjs@apple.com>
- Date: Mon, 2 Jan 2006 01:57:10 -0800
- To: public-cdf@w3.org
2.5 This section gives a very incomplete account of security attacks potentially resulting from cross-document access.

Classic cross-site scripting attacks predate the existence of either phishing or firewall attacks. One of the most classic cross-site scripting exploits is accessing a site that has confidential user information (for example a banking site that displays account numbers), requires login, and uses a persistent login mechanism such as an HTTP cookie. In this case, allowing a load of such a document and then granting scripting access is a major security risk.

I think this section needs significantly more research to be complete, or at least external references. Also, none of this section presents an actual suggested security model, or discusses how one might be devised.

For a spec that admittedly has significant potential security risks, the present language is insufficient to address the security considerations. I recommend something more thorough, along the lines of "security considerations" sections in IETF specs.

Regards,
Maciej
Received on Monday, 2 January 2006 09:57:18 UTC