W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2015

Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 23 Oct 2015 21:17:38 -0700
Message-ID: <CABkgnnV7MpJUZABpcA4M_J+0za0Guk8xV4ZZcaKj6RY3D8UMcQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Nick Doty <npdoty@w3.org>, Mathieu Hofman <Mathieu.Hofman@citrix.com>, Harald Alvestrand <harald@alvestrand.no>, "public-media-capture@w3.org" <public-media-capture@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
On 23 October 2015 at 21:12, Eric Rescorla <ekr@rtfm.com> wrote:
> On the other hand, it's the advice we give to sites which handle credit
> card numbers, e-mails, and other sensitive information. Generally, if
> you once have an XSS on your site, it's fairly hard to clean up later.


Don't get me wrong, it's great advice, it's just not an effective
strategy in this case.
Received on Saturday, 24 October 2015 04:18:08 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:31 UTC