Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] from Maciej Stachowiak on 2010-04-19 (public-webapps@w3.org from April to June 2010)

From: Maciej Stachowiak <mjs@apple.com>
Date: Mon, 19 Apr 2010 00:26:22 -0700
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Tyler Close <tyler.close@gmail.com>, Arthur Barstow <Art.Barstow@nokia.com>, ext Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
Message-id: <561F7AFD-F98E-4B5E-A49F-EF9D9A6F945C@apple.com>

On Apr 18, 2010, at 4:48 AM, Julian Reschke wrote:

>
> In general, whitelists are bad because they close extension points.  
> Please consider using a black list instead.
>

But blacklists are worse for security, and security is the prime  
consideration here.

Regards,
Maciej

Received on Monday, 19 April 2010 07:26:59 UTC