- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 31 Jan 2006 20:29:07 +0000 (UTC)
On Mon, 30 Jan 2006, Gervase Markham wrote:
>
> Ian Hickson wrote:
> > My first impression is that it is far too complex and over-engineered.
>
> OK... What do you think the requirements are for a solution to this
> problem? I tried to make my types of restrictions match up with common
> use cases, but I may well have picked the wrong ones.

I don't really know.

> > The problem with security is that people don't understand the issues.
> > We don't want to give authors too fine-grained control, because most
> > authors will get it wrong, but be lulled into a false sense of
> > security because they are "using Content Restrictions".
>
> OK; but if your control is too coarse-grained, then people who want to
> permit just a little bit of scripting are forced to not have any
> restrictions at all.

Sure. But they're in the 10%, the 90% is secure. Whereas with a complex
system, maybe 5% is secure, 90% thinks it is but isn't, and the remaining
5% still don't have enough fine-grained control.

Good luck...

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 31 January 2006 12:29:07 UTC