W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

Re: Feedback on Access Control

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 23 Jan 2008 00:17:38 +0100
To: "Mark Nottingham" <mnot@yahoo-inc.com>
Cc: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.t5ctnjee64w2qv@annevk-t60.oslo.opera.com>

>>> Multi-user hosts already need filtering. Otherwise they could simply  
>>> load a page from the same domain with a different path in an <iframe>  
>>> or something and do the request from there. The security model of the  
>>> Web is based around domains. How unfortunate or fortunate that may be.
>> Yes; it's still worth pointing this out for the uninitiated.
> Can you propose some text?

I wrote something down:


Anne van Kesteren
Received on Tuesday, 22 January 2008 23:14:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:21 UTC