Re: Scientific Literature on Capabilities (was Re: CORS versus Uniform Messaging?) from Kenton Varda on 2009-12-22 (public-webapps@w3.org from October to December 2009)

From: Kenton Varda <kenton@google.com>
Date: Mon, 21 Dec 2009 17:38:13 -0800
To: Ian Hickson <ian@hixie.ch>
Cc: Tyler Close <tyler.close@gmail.com>, public-webapps <public-webapps@w3.org>
Message-ID: <4112ecad0912211738k5b279e94gbc056ecf57b96552@mail.gmail.com>

On Mon, Dec 21, 2009 at 5:31 PM, Ian Hickson <ian@hixie.ch> wrote:

> The most simple cases are also the most common and are by far the cases I
> care the most about. The more complicated cases are authored by more
> competent authors, and can be more complicated (e.g. they don't have to
> use CORS).
>

It seems to me that anyone who needs cross-origin resources in the first
place, and cannot accept providing *everyone* access to the resource, is
most likely already doing something complicated enough that there is a
significant chance of vulnerabilities.  Non-complicated situations with
these requirements seem relatively rare to me.  But you would know better.

Received on Tuesday, 22 December 2009 01:39:04 UTC