W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

Re: Feedback on Access Control

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 23 Jan 2008 00:17:38 +0100
To: "Mark Nottingham" <mnot@yahoo-inc.com>
Cc: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.t5ctnjee64w2qv@annevk-t60.oslo.opera.com>

>>> Multi-user hosts already need filtering. Otherwise they could simply  
>>> load a page from the same domain with a different path in an <iframe>  
>>> or something and do the request from there. The security model of the  
>>> Web is based around domains. How unfortunate or fortunate that may be.
>>
>> Yes; it's still worth pointing this out for the uninitiated.
>
> Can you propose some text?

I wrote something down:

   http://dev.w3.org/2006/waf/access-control/#design-decision-faq


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Tuesday, 22 January 2008 23:14:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:21 UTC