Re: Scientific Literature on Capabilities (was Re: CORS versus Uniform Messaging?) from Adam Barth on 2009-12-14 (public-webapps@w3.org from October to December 2009)

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 14 Dec 2009 14:38:27 -0800
To: Tyler Close <tyler.close@gmail.com>
Cc: Maciej Stachowiak <mjs@apple.com>, Jonathan Rees <jar@creativecommons.org>, "Mark S. Miller" <erights@google.com>, Jonas Sicking <jonas@sicking.cc>, Arthur Barstow <Art.Barstow@nokia.com>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
Message-ID: <7789133a0912141438j26d7b19cxe7de02eda19af3d2@mail.gmail.com>

On Mon, Dec 14, 2009 at 2:13 PM, Tyler Close <tyler.close@gmail.com> wrote:
> For example, the
> User Consent Phase and Grant Phase above could be replaced by a single
> copy-paste operation by the user.

Any design that involves storing confidential information in the
clipboard is insecure because IE lets arbitrary web sites read the
user's clipboard.  You can judge that to be a regrettable choice by
the IE team, but it's just a fact of the world.

Adam

Received on Monday, 14 December 2009 22:39:19 UTC