- From: Maciej Stachowiak <mjs@apple.com>
- Date: Wed, 8 Mar 2006 14:46:53 -0800
- To: Kevin E Kelly <kekelly@us.ibm.com>
- Cc: public-cdf@w3.org
- Message-Id: <38BC54F3-013C-438B-8D4B-0CCACD2BC0B7@apple.com>
On Mar 8, 2006, at 5:41 AM, Kevin E Kelly wrote:

>
> Maciej,
>
> Please find the responses below marked with [KEK]. Both comments
> were accepted and implemented.
>
> Please let us know, within 2 weeks, if this change does not address
> your comments.

This satisfies my concerns. Thank you.

Regards,
Maciej

> Kevin
> On behalf of the CDF WG
>
> Action 348: Respond to comments 7+8
> http://www.w3.org/2004/CDF/Group/track/actions/348
> Message 7
> http://lists.w3.org/Archives/Public/public-cdf/2006Jan/0007.html
>
>
> Maciej Stachowiak <mjs@apple.com>
> Sent by: public-cdf-request@w3.org
> 01/02/2006 04:36 AM
>
> To: public-cdf@w3.org
> cc:
> Subject: CDR: Security exceptions and events
>
>
> Section 2.1.2
>
> "Accessing the parent document through the DOM can be disabled for
> security reasons. In such cases user agents should throw a
> SecurityException as defined in section 2.1.4."
>
> Section 2.1.3
>
> "Accessing the child document through the DOM can be disabled for
> security reasons. In such cases user agents should throw a
> SecurityException as defined in section 2.1.4."
>
> Section 2.1.4 SecurityException
>
> - I strongly recommend against security exceptions. The generally
> accepted best security practice is silent failure when an
> attempted intrusion is detected. Otherwise the attacker may gain
> useful information. Therefore it would be best to just return nil in
> cases where access is disabled for security reasons, and to remove
> the exception. This also matches de facto behavior of similar
> features in existing UAs (window.frameElement for instance, which
> just returns nil rather than throwing an exception).
>
> [KEK] Section 2.1.2, 2.1.3, 2.1.4 have been removed in favor of
> existing mechanisms only for event propagation in compound
> documents by reference.
>
> Section 2.2.2
>
> "When a document breaks through the user agent security policy, user
> agents are encouraged to dispatch a security event in the
> http://www.w3.org/2005/10/cdf namespace on the document object."
>
> - Surely this should say "attempts to break through the user agent
> security policy".
>
> - Which document object? The parent? The child? The document
> attempting to violate policy? The document that is the target of the
> attempted violation? Please clarify this in the specification.
>
> - Security events are a bad idea for the same reason as security
> exceptions. I recommend removing them from the spec.
>
> [KEK] Section 2.2 has been removed.
>
Received on Wednesday, 8 March 2006 22:47:11 UTC
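
An added illustration, not part of the original message or of the CDF specification: a small model of the two designs discussed in the thread, showing how many embedding states a child script can tell apart when parent access throws a SecurityException versus when it fails silently. The Doc class, the same-origin policy, and the function names are assumptions made for the example.

```javascript
// Constructed model: each document has an origin and an optional embedding parent.
// Doc, accessAllowed, parentThrowing, parentSilent and probe are hypothetical names.
class SecurityException extends Error {}

class Doc {
  constructor(origin, parent = null) {
    this.origin = origin;
    this.parent = parent;
  }
}

// Assumed policy for the example: parent access is allowed only same-origin.
function accessAllowed(child) {
  return child.parent !== null && child.parent.origin === child.origin;
}

// Variant A: throw on denial, as the quoted sections 2.1.2-2.1.4 proposed.
function parentThrowing(child) {
  if (child.parent === null) return null;
  if (!accessAllowed(child)) throw new SecurityException("parent access disabled");
  return child.parent;
}

// Variant B: silent failure, the window.frameElement-style behavior.
function parentSilent(child) {
  return accessAllowed(child) ? child.parent : null;
}

// What a script in the child can observe from the accessor's outcome alone.
function probe(accessor, child) {
  try {
    return accessor(child) === null ? "null" : "parent";
  } catch (e) {
    if (e instanceof SecurityException) return "exception";
    throw e;
  }
}

// Constructed sample documents: top-level, embedded same-origin, embedded cross-origin.
const topLevel = new Doc("https://a.example");
const sameOrigin = new Doc("https://a.example", new Doc("https://a.example"));
const crossOrigin = new Doc("https://a.example", new Doc("https://b.example"));

// Number of distinguishable outcomes across the three embedding states.
function distinctOutcomes(accessor) {
  const docs = [topLevel, sameOrigin, crossOrigin];
  return new Set(docs.map((d) => probe(accessor, d))).size;
}

console.log("throwing:", distinctOutcomes(parentThrowing));
console.log("silent:", distinctOutcomes(parentSilent));
```

With the throwing variant the cross-origin case is distinguishable from the top-level case; with silent failure both collapse to the same null result.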