RE: http client side security issues

From: Hill, Brad <bhill@paypal-inc.com>
Date: Mon, 27 Aug 2012 22:07:45 +0000
To: Adam Barth <w3c@adambarth.com>, yuming huang <http.client.security@hotmail.com>
CC: "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E220B15@DEN-EXDDA-S12.corp.ebay.com>

Thanks, Adam.

Yuming, this list is for discussing the specifications under development in the Web Application Security Working Group at the W3C (specifically, Content Security Policy, Cross Origin Resource Sharing and anti-clickjacking work).

I would second Adam's suggestion that OWASP is a good resource for general web security questions, as is the WASC, at http://webappsec.org/, and with a mailing list at:

http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

Good luck,

Brad Hill

> -----Original Message-----
> From: Adam Barth [mailto:w3c@adambarth.com]
> Sent: Monday, August 27, 2012 11:00 AM
> To: yuming huang
> Cc: public-web-security@w3.org
> Subject: Re: http client side security issues
> 
> You might not get the kinds of responses you're looking for from this mailing
> list.  You might find better information from OWASP:
> 
> https://www.owasp.org/
> 
> Adam
> 
> 
> On Fri, Aug 24, 2012 at 2:06 PM, yuming huang
> <http.client.security@hotmail.com> wrote:
> > Hi,
> >
> > The following questions are about current HTML standard (HTML 4.0,
> > 4.1, 5.0?), as well as actual implementations (Internet Explorer,
> > Firefox, Chrome).
> >
> > 1. Is silent download other than the HTML file itself allowed?  How does it
> > work if possible?   How to prevent it from happening?
> > For example (IE), a user types in a URL and hits enter key. IE renders
> > a web page (user sees it) and downloads a binary file silently to
> > user's PC (user does not know).  Later the binary gets to run.
> >
> > 2. What are the means for web server to collect information from a web
> > client user?  Form, Cookie, browser signature...
> >
> >
> > I searched http://lists.w3.org/Archives/Public/public-web-security/
> > but found no result.
> >
> >
> > Thanks!
> >
> >
Received on Monday, 27 August 2012 22:08:13 GMT