- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 08 Dec 2014 23:00:17 -0500
- To: Kingsley Idehen <kidehen@openlinksw.com>, public-webpayments@w3.org
On 12/08/2014 06:36 PM, Kingsley Idehen wrote:
> On 12/8/14 1:16 PM, Melvin Carvalho wrote:
>>
>> SOP = Same Origin Policy.
>
> Who genuinely needs that in a Web of Trust where verifiable identity
> is intrinsic and policies are driven by logic?

Everyone. You don't want any random bit of Javascript to be able to change any DOM on any page that is loaded in the browser. SOP is a very good idea for a first defense against attacks. Deny All, then relax just the bits you need is a good approach to security. CORS was specifically designed to relax the SOP protections in browsers in particular important/common scenarios.

> These flaky and inflexible "big brother" hacks eternally undermine
> the Web, especially via browsers (which are clearly now living on
> borrowed time) :)

Why is SOP a flaky and inflexible hack?

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Tuesday, 9 December 2014 04:00:42 UTC
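
The "deny all, then relax just the bits you need" approach from the message above, sketched as an added example that is not part of the original e-mail or of any project it mentions: a server-side function that emits CORS headers only for an exact-match allowlist and otherwise leaves the same-origin policy in force. The origins, the allowlist and the function name `corsHeaders` are constructed for illustration.

```javascript
// Constructed allowlist (hypothetical origins): origin -> methods granted to it.
const ALLOWED = new Map([
  ["https://shop.example", new Set(["GET", "POST"])],
  ["https://wallet.example", new Set(["GET"])],
]);

// Returns the CORS-related response headers for one request.
// If Access-Control-Allow-Origin is absent, nothing was relaxed and the
// browser's same-origin policy keeps blocking the cross-origin read.
function corsHeaders(origin, method, preflightMethod) {
  // The response depends on Origin, so caches must key on it in every case.
  const headers = { Vary: "Origin" };
  if (typeof origin !== "string") return headers; // no Origin header: nothing to relax

  // Exact string match only: no wildcard, no suffix or substring tests,
  // so "https://shop.example.evil.test" and the literal "null" origin fail.
  const methods = ALLOWED.get(origin);
  if (!methods) return headers;

  // A preflight asks about the method it intends to use afterwards.
  const isPreflight = method === "OPTIONS" && typeof preflightMethod === "string";
  const wanted = isPreflight ? preflightMethod : method;
  if (!methods.has(wanted)) return headers; // known origin, method not granted

  // Relax the policy for this one vetted origin; never answer with "*".
  headers["Access-Control-Allow-Origin"] = origin;
  if (isPreflight) {
    headers["Access-Control-Allow-Methods"] = [...methods].join(", ");
  }
  return headers;
}

// Constructed sample requests.
console.log(corsHeaders("https://shop.example", "POST"));
console.log(corsHeaders("https://shop.example.evil.test", "GET"));
console.log(corsHeaders("https://wallet.example", "OPTIONS", "POST"));
```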