
CDR: security section gives inadequate account of possible attacks and of proposed security model

From: Maciej Stachowiak <mjs@apple.com>
Date: Mon, 2 Jan 2006 01:57:10 -0800
Message-Id: <1851E3D5-53FA-4689-BF79-58780B1A9246@apple.com>
To: public-cdf@w3.org


This section gives a very incomplete account of security attacks
potentially resulting from cross-document access. Classic cross-site
scripting attacks predate the existence of either phishing or  
firewall attacks. One of the most classic cross-site scripting  
exploits is accessing a site that has confidential user information  
(for example a banking site that displays account numbers), requires  
login, and uses a persistent login mechanism such as an HTTP cookie.  
In this case, allowing a load of such a document and then granting  
scripting access is a major security risk. I think this section needs  
significantly more research to be complete, or at least external  

Also, none of this section presents an actual suggested security  
model, or discusses how one might be devised. For a spec that
admittedly has significant potential security risks, the present
language is insufficient to address the security considerations. I  
something more thorough, along the lines of "security considerations"  
sections in IETF specs.

Received on Monday, 2 January 2006 09:57:18 UTC
