- From: Jim Ley <jim.ley@gmail.com>
- Date: Thu, 16 Mar 2006 12:34:57 +0000
On 3/16/06, Hallvord R M Steen <hallvors at gmail.com> wrote:
> On 3/11/06, Jim Ley <jim.ley at gmail.com> wrote:
>
> > Accessing JSON resources on a local intranet which are
> > secured by nothing more than the requesting IP address.
>
> While this is a valid concern I think the conclusion "no *new*
> security vulnerabilities" is correct. If you today embed data on an
> intranet in JavaScript I can create a page that loads that script in a
> SCRIPT tag and steal the data.

Could you please describe how exactly? The contents of remote script elements are not typically available (and if they are it's a large security hole today) unless valid JavaScript objects are produced to be queried, that is not the case with bare JSON.

Jim.
Received on Thursday, 16 March 2006 04:34:57 UTC
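The difference between data embedded in JavaScript and a bare JSON body, as an added example that is not part of the original message: it evaluates constructed response bodies the way a classic script load would and reports whether each one parses and whether it leaves a binding the including page could query. It assumes Node.js, with `node:vm` standing in for the browser's script loader; `asScript`, `exposesBinding` and the sample bodies are hypothetical names and constructed data.

```javascript
// Added example: what does a response body do when it is evaluated as a
// classic script (the way <script src="..."> treats it)?
const vm = require("node:vm");

// Returns { parses, globals }: whether the body is a valid script, and which
// global bindings exist in a fresh context after running it.
function asScript(body) {
  let script;
  try {
    script = new vm.Script(body); // compile only; throws on a syntax error
  } catch (err) {
    return { parses: false, globals: [] };
  }
  const sandbox = vm.createContext({});
  try {
    script.runInContext(sandbox, { timeout: 100 });
  } catch (err) {
    // A runtime error still means the body parsed as a script.
  }
  return { parses: true, globals: Object.keys(sandbox) };
}

// True when the body leaves something the including page can read back.
function exposesBinding(body) {
  return asScript(body).globals.length > 0;
}

// Constructed sample bodies (not taken from any real service).
const samples = {
  // Data embedded in JavaScript: declares a global the includer can query.
  embeddedInJs: 'var account = {"user": "alice", "balance": 42};',
  // Bare JSON object: "{" opens a block statement, so '"user":' is a syntax error.
  bareObject: '{"user": "alice", "balance": 42}',
  // Bare JSON array: a valid expression statement, but its value is discarded.
  bareArray: '[{"user": "alice", "balance": 42}]',
};

for (const [name, body] of Object.entries(samples)) {
  const result = asScript(body);
  console.log(name, "parses:", result.parses, "globals:", result.globals);
}
```

The same check can be pointed at the response bodies of an internal endpoint during review: any body for which `exposesBinding` returns true is script-readable data, not bare JSON.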