Re: A proposal

Le Mar 19 novembre 2013 09:43, Roy T. Fielding a Ă©crit :

> Furthermore, I have a hard time believing the privacy propaganda
> being spread by the browser makers.  If they want to improve
> privacy, all they have to do is remove the crappy features
> that cause their HTTP use to be insecure.  Stop blaming the
> protocols for exposing information that shouldn't be sent in
> the first place.
> Don't allow cookies from a secure site to be sent to a non-secured site.
> Double-key cookies so that they don't share information across multiple
> referring sites. Implement an obvious logout in the UI chrome.
> Don't send cached credentials if the referring document isn't trusted
> or same-origin.  Don't allow BASIC over an unsecured connection.
> Implement authentication schemes that don't expose the user's secret.
> Prevent extensions and scripts from mimicking authentication forms.

Stop sending referers…

Nicolas Mailhot

Received on Tuesday, 19 November 2013 19:00:49 UTC