Re: iframe@security

Richard Conyard wrote:
> Since the security benefits are
> dependent upon UA (and even then there is potential for exploits), the
> implied security might paper over flaws that should be addressed in
> other areas.

Interesting comment Richard and yes you are right. IMO security is often
addressed in the wrong way with the solution often being  worse than the
problem or potential problem, CAPTCHAS spring to mind and this kind of
security/trust functionality should take place in different layer and as
little as possible in the upper application layer. As an aside, security
often deals with /potential/ problems and averting them rather that
actually dealing /with/ the problem - as its too late when the horse has
bolted to make the door more secure.


Received on Monday, 21 January 2008 12:43:57 UTC