- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 23 Jan 2008 00:17:38 +0100
- To: "Mark Nottingham" <mnot@yahoo-inc.com>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
>>> Multi-user hosts already need filtering. Otherwise they could simply >>> load a page from the same domain with a different path in an <iframe> >>> or something and do the request from there. The security model of the >>> Web is based around domains. How unfortunate or fortunate that may be. >> >> Yes; it's still worth pointing this out for the uninitiated. > > Can you propose some text? I wrote something down: http://dev.w3.org/2006/waf/access-control/#design-decision-faq -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 22 January 2008 23:14:05 UTC