- From: Jon Ferraiolo <jferrai@us.ibm.com>
- Date: Sat, 1 Sep 2007 13:12:42 -0700
- To: Thomas Roessler <tlr@w3.org>
- Cc: public-appformats@w3.org
- Message-ID: <OF5ACF9141.F5A7A594-ON88257349.006E5FB1-88257349.006F06DB@us.ibm.com>
Hi everyone, I have been involved in some on-again-off-again discussions about access control over the past few months with various security experts at OpenAjax Alliance and at IBM, and a little with Doug Crockford of Yahoo. It will take me some time to do my homework and research what various people have said, but I just wanted the WAF committee to expect that in the next few weeks I will do my best to consolidate the various discussions and send good feedback on the security pros and cons of the latest access control draft. For now, I will say that some concerns will be raised. Jon Jon Ferraiolo <jferrai@us.ibm.com> OpenAjax Alliance and IBM Thomas Roessler <tlr@w3.org> Sent by: To public-appformats public-appformats@w3.org -request@w3.org cc Subject 08/30/2007 12:55 Heads-up: Some buzz about AM access-control Apparently, the Mozilla folks have announced support for the access-control spec, and caused some buzz about it. I've dropped some pointers to this WG's public comment address. Cheers, -- Thomas Roessler, W3C <tlr@w3.org> ----- Forwarded message from bugtraq@cgisecurity.net ----- From: bugtraq@cgisecurity.net To: websecurity@webappsec.org Date: Tue, 28 Aug 2007 18:54:19 -0400 (EDT) Subject: [WEB SECURITY] firefox3 vuln by design? X-Spam-Level: Mailing-List: contact websecurity-help@webappsec.org; run by ezmlm X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5 pdp had an interesting read at http://www.gnucitizen.org/blog/i-dont-think-that-you-understand-firefox3-vulnerable-by-design Any mozilla people care to chime in? - Robert http://www.cgisecurity.com/ http://www.qasec.com/ ---------------------------------------------------------------------------- Join us on IRC: irc.freenode.net #webappsec Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/ Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed] ----- End forwarded message -----
Attachments
- image/gif attachment: graycol.gif
- image/gif attachment: pic27449.gif
- image/gif attachment: ecblank.gif
Received on Saturday, 1 September 2007 20:14:01 UTC