Re: Comments/Questions on Media Capture Streams – Privacy and Security Considerations

On Fri, Oct 23, 2015 at 9:17 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 23 October 2015 at 21:12, Eric Rescorla <ekr@rtfm.com> wrote:
> > On the other hand, it's the advice we give to sites which handle credit
> > card numbers, e-mails, and other sensitive information. Generally, if
> > you once have an XSS on your site, it's fairly hard to clean up later.
>
>
> Don't get me wrong, it's great advice, it's just not an effective
> strategy in this case.
>

Less so than "don't allow there to be an XSS or someone will steal
everyone's
personal data"?

-Ekr

Received on Saturday, 24 October 2015 04:20:29 UTC