Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations from Martin Thomson on 2015-10-24 (public-privacy@w3.org from October to December 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 23 Oct 2015 21:17:38 -0700
To: Eric Rescorla <ekr@rtfm.com>
Cc: Nick Doty <npdoty@w3.org>, Mathieu Hofman <Mathieu.Hofman@citrix.com>, Harald Alvestrand <harald@alvestrand.no>, "public-media-capture@w3.org" <public-media-capture@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <CABkgnnV7MpJUZABpcA4M_J+0za0Guk8xV4ZZcaKj6RY3D8UMcQ@mail.gmail.com>

On 23 October 2015 at 21:12, Eric Rescorla <ekr@rtfm.com> wrote:
> On the other hand, it's the advice we give to sites which handle credit
> card numbers, e-mails, and other sensitive information. Generally, if
> you once have an XSS on your site, it's fairly hard to clean up later.


Don't get me wrong, it's great advice, it's just not an effective
strategy in this case.

Received on Saturday, 24 October 2015 04:18:08 UTC