
Re: Scientific Literature on Capabilities (was Re: CORS versus Uniform Messaging?)

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 14 Dec 2009 14:38:27 -0800
Message-ID: <7789133a0912141438j26d7b19cxe7de02eda19af3d2@mail.gmail.com>
To: Tyler Close <tyler.close@gmail.com>
Cc: Maciej Stachowiak <mjs@apple.com>, Jonathan Rees <jar@creativecommons.org>, "Mark S. Miller" <erights@google.com>, Jonas Sicking <jonas@sicking.cc>, Arthur Barstow <Art.Barstow@nokia.com>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>

On Mon, Dec 14, 2009 at 2:13 PM, Tyler Close <tyler.close@gmail.com> wrote:
> For example, the
> User Consent Phase and Grant Phase above could be replaced by a single
> copy-paste operation by the user.

Any design that involves storing confidential information in the
clipboard is insecure because IE lets arbitrary web sites read the
user's clipboard.  You can judge that to be a regrettable choice by
the IE team, but it's just a fact of the world.

Adam
Received on Monday, 14 December 2009 22:39:19 GMT
