- From: Doron Rosenberg <doronr@gmail.com>
- Date: Mon, 26 Jul 2004 17:07:33 -0500
First of all, to dispel the myth of cross domain scripting: Cross domain scripting is easily doable in all browsers today, and it won't change. Any domain can include JavaScript files from any other domain. That allows two-way communications. Done. This doesn't make web services less secure - most programming toolkits allow cross domain web services without any restrictions. Publicly available web services are obviously meant to be consumed by anyone. If they want to restrict, they can use username/passwords to do that, as does Google. The only reason we didn't allow cross domain web services access is intranets - since Mozilla does the actual SOAP connection, user A in a workplace with internet and intranet access could get to evil.com, which talks to an intranet web service.
Received on Monday, 26 July 2004 15:07:33 UTC
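
The intranet case described in the message above, as an added example that is not part of the original message and is not Mozilla's code: a check a client could apply before making a web-service call on behalf of a page, refusing when a public page targets a host that looks internal. The function names, the address ranges chosen and the "single-label hostname means intranet" rule are assumptions of this sketch.

```javascript
// Added illustration: treat these IPv4 ranges as "intranet" (assumed policy).
const PRIVATE_V4 = [
  [0x0a000000, 8],  // 10.0.0.0/8
  [0xac100000, 12], // 172.16.0.0/12
  [0xc0a80000, 16], // 192.168.0.0/16
  [0x7f000000, 8],  // 127.0.0.0/8 loopback
  [0xa9fe0000, 16], // 169.254.0.0/16 link-local
];

// Parse a dotted-quad IPv4 literal into an unsigned 32-bit number, or null.
function parseIPv4(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Heuristic only: a DNS name that resolves to a private address is not
// caught here; that needs a check on the resolved address at connect time.
function looksIntranet(host) {
  host = host.toLowerCase().replace(/\.$/, "");
  if (host === "localhost" || host === "[::1]") return true;
  const ip = parseIPv4(host);
  if (ip !== null) {
    return PRIVATE_V4.some(
      ([base, bits]) => (ip >>> (32 - bits)) === (base >>> (32 - bits))
    );
  }
  return !host.includes("."); // single-label names such as "payroll"
}

// Block when a page on a public host asks for a service on an internal one.
function shouldBlock(pageUrl, targetUrl) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  if (page.origin === target.origin) return false; // same-origin call
  return looksIntranet(target.hostname) && !looksIntranet(page.hostname);
}
```

Calls between two public hosts and calls that stay inside the intranet pass; only the public-to-internal direction is refused.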