W3C home > Mailing lists > Public > public-html@w3.org > January 2008

Re: iframe@security

From: Joshue O Connor <joshue.oconnor@cfit.ie>
Date: Mon, 21 Jan 2008 12:43:35 +0000
Message-ID: <47949377.1080805@cfit.ie>
To: Richard Conyard <Richard@redantdesign.com>, HTMLWG <public-html@w3.org>

Richard Conyard wrote:
> Since the security benefits are
> dependent upon UA (and even then there is potential for exploits), the
> implied security might paper over flaws that should be addressed in
> other areas.

Interesting comment Richard and yes you are right. IMO security is often
addressed in the wrong way with the solution often being  worse than the
problem or potential problem, CAPTCHAS spring to mind and this kind of
security/trust functionality should take place in different layer and as
little as possible in the upper application layer. As an aside, security
often deals with /potential/ problems and averting them rather that
actually dealing /with/ the problem - as its too late when the horse has
bolted to make the door more secure.

Josh
Received on Monday, 21 January 2008 12:43:57 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:15:29 UTC