- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Thu, 03 Oct 2013 08:50:28 +0200
- To: Frederick.Hirsch@nokia.com
- Cc: Youenn.Fablet@crf.canon.fr, bh526r@att.com, richt@opera.com, giuseppep@opera.com, public-device-apis@w3.org, public-web-and-tv@w3.org

On Thursday 3 October 2013 at 01:28 +0000, Frederick.Hirsch@nokia.com wrote:
> The fundamental flaw is that one device has two purposes allowing
> flaws from one to affect the other, yet this is also why it is sold
> and valued - the convenience, cost reduction, lower hardware
> footprint, easier management etc are also benefits.

One simple (but of course not 100% effective) solution would be for such
a dual-serviced device to expose CORS headers only on the benign
service, and not on the security-sensitive one.

(If a bug in the benign service allows an attack on the sensitive one, of
course, this won't be of much use.)

Dom

Received on Thursday, 3 October 2013 06:50:46 UTC
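
The per-service CORS split proposed in the message above, as an added example that is not part of the original thread: a single device handler that opts in to cross-origin reads only for the benign service. The `/media` and `/admin` paths, the `SERVICES` table and the function names are assumptions made for illustration.

```python
import posixpath
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import unquote, urlsplit

# Constructed layout (an assumption, not from the thread): one device, two services.
SERVICES = {"/media": "benign", "/admin": "sensitive"}


def service_for(raw_path):
    """Classify a request path after decoding and collapsing '..' segments,
    so '/media/../admin/' is treated as the sensitive service."""
    clean = posixpath.normpath(unquote(urlsplit(raw_path).path))
    for prefix, kind in SERVICES.items():
        if clean == prefix or clean.startswith(prefix + "/"):
            return kind
    return None


def cors_headers(raw_path, method, origin):
    """CORS response headers for a request; {} means no cross-origin opt-in."""
    if not origin or service_for(raw_path) != "benign":
        return {}  # sensitive or unknown path: never emit CORS headers
    headers = {"Access-Control-Allow-Origin": "*"}
    if method == "OPTIONS":  # preflight, answered only for the benign service
        headers["Access-Control-Allow-Methods"] = "GET"
    return headers


class DeviceHandler(BaseHTTPRequestHandler):
    def _respond(self, body=b""):
        self.send_response(200 if service_for(self.path) else 404)
        cors = cors_headers(self.path, self.command, self.headers.get("Origin"))
        for name, value in cors.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._respond(b"ok\n")

    def do_OPTIONS(self):
        self._respond()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), DeviceHandler).serve_forever()
```

Withholding CORS headers stops scripts on other origins from reading the sensitive service's responses and makes its preflights fail, but the browser still delivers simple requests (plain GETs, form POSTs) to it. The sensitive service therefore still needs its own authentication and request validation.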