W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

Re: New Security considerations

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sat, 31 Dec 2005 11:58:10 +0100
Message-ID: <43B66442.6080800@gmx.de>
To: Lisa Dusseault <lisa@osafoundation.org>
CC: Barry Lind <blind@xythos.com>, WebDav <w3c-dist-auth@w3.org>

Lisa Dusseault wrote:
> 
> Barry, can you provide more info or pointers on how a script can read 
> another user's cookies?
> 
> Aside from that point of confusion, Julian, it sounds like you have some 
> ways to improve this section, but I'm not sure which way you propose to 
> go (e.g. whether the discussion of arbitrary content needs to be 
> expanded or other).  Can you make a concrete proposal?

My concrete proposal is not to have that section at all. If it's going 
to stay, it will need more review as it is relevant to Security. Getting 
things wrong or even confusing here seems to be worse than not saying 
anything at all.

Best regards, Julian
Received on Saturday, 31 December 2005 11:06:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:12 GMT