- From: Jim Ley <jim.ley@gmail.com>
- Date: Sun, 19 Mar 2006 12:23:11 +0000
On 3/19/06, Douglas Crockford <douglas at crockford.com> wrote:
> > The mimetype you're defining, because it is new, pretty-much ensures
> > no existing service behind an intranet could be affected.
>
> > I could still envision one day developers setting-up JSON syndication
> > services behind an intranet, not quite grokking the fact that their
> > data is now accessible from outside of their intranet. Silly, I know
> > but ...
>
> It is a concern. The only solution to that that I can see is education.

No, the solution is pretty clear, all cross domain activity is designed to be OPT-IN, just like all other current methods, then conscious effort needs to be made to allow your data onto other people's sites.

> A con with JSONRequest is
> that if you are incompetent in determining your authentications, then data may
> leak.

Or indeed wrote your script before this JSONRequest was invented.

Please remove your false and misleading "introduces no new security problems".

Jim.
Received on Sunday, 19 March 2006 04:23:11 UTC