W3C home > Mailing lists > Public > xml-dist-app@w3.org > May 2000

RE: Web RPCs Considered Harmful

From: Andrew Layman <andrewl@microsoft.com>
Date: Mon, 22 May 2000 15:30:17 -0700
Message-ID: <7CD674FF54FBD21181D800805F57CD540D226DEF@RED-MSG-44>
To: "'Michael.Condry@eng.sun.com'" <Michael.Condry@eng.sun.com>, xml-dist-app@w3.org
Please tell me more details.  Thanks.

-----Original Message-----
From: Michael Condry [mailto:Michael.Condry@eng.sun.com]
Sent: Wednesday, May 17, 2000 9:36 AM
To: Ken MacLeod; xml-dist-app@w3.org
Subject: Re: Web RPCs Considered Harmful


Yes, but I do not see any SandBOX model here. Do we wait
until the customer crys....
>"Dave Winer" <dave@userland.com> writes:
>
>> What would be the most practical, easy and low-tech way to add a
>> layer of security, using current best-practices of the Internet?
>> 
>> Rather than seeing this a time to put the brakes on, could we get
>> into problem solving mode and have an answer that can easily be
>> implemented in conjunction with the RPC work?
>
>Since the problem is not one of active security (access control), but
>of passive security (unintended faults), the solution isn't really
>something one puts into a specification.
>
>The current best-practice of the Internet for solving the passive
>security problem is "sandboxing", highly restricting the environment
>and access to resources from where code runs so that when that code
>fails it is still confined to the sandbox.
>
>Java and JavaScript, as examples, are designed with sandboxing as a
>core feature.
>
>  -- Ken
>
Received on Monday, 22 May 2000 18:30:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:58:56 GMT