Re: same-origin assertions in the DNS (Fwd: [apps-discuss] draft-sullivan-domain-origin-assert-00)

On Wed 2012-05-09 at 22:10 -0700, Maciej Stachowiak wrote:

> Treating separate domains as same-origin based on DNS records seems
> extremely dangerous, with little counter-balancing benefit (it would
> not actually be usable until implemented in a large majority of
> browsers, and there are safer ways to communicate between different
> origins). In addition to the obvious XSS dangers, consider also how
> this feature might combine with DNS rebinding attacks.

Further, the user-agent may be using proxies, not using or even having
access to DNS.

Regards
Henrik

Received on Thursday, 10 May 2012 05:18:33 UTC