W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [blink-dev] Proposal: Marking HTTP As Non-Secure

From: Jim Manico <jim.manico@owasp.org>
Date: Sat, 3 Jan 2015 10:55:34 -1000
Message-ID: <251268333985075278@unknownmsgid>
To: Craig Francis <craig.francis@gmail.com>
Cc: Jiri Danek <softwaredevjirka@gmail.com>, "mozilla-dev-security@lists.mozilla.org" <mozilla-dev-security@lists.mozilla.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, security-dev <security-dev@chromium.org>, blink-dev <blink-dev@chromium.org>
> It's one of the reasons I'm really pushing for a security tab in the web dev tools, to help with education and usage of the features that are available... i.e. have you tried implementing a CSP header before? it's good fun :-)

Cool. I'm running CSP on several of my sites. Easy to set up for new
development, lots of tools out there to make it easier. script hashing
and script noncing are awesome. I can even easily protect inline
scripts now...

Building complex websites is very tough. Security is just another
engineering task... :)

--
Jim Manico
@Manicode
(808) 652-3805

> On Jan 3, 2015, at 2:21 AM, Craig Francis <craig.francis@gmail.com> wrote:
>
> It's one of the reasons I'm really pushing for a security tab in the web dev tools, to help with education and usage of the features that are available... i.e. have you tried implementing a CSP header before? it's good fun :-)
Received on Saturday, 3 January 2015 20:56:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC