
[whatwg] JSONRequest

From: Jim Ley <jim.ley@gmail.com>
Date: Sun, 19 Mar 2006 12:23:11 +0000
Message-ID: <851c8d310603190423ka0d5ac7l5ad4b5654c0dd9b3@mail.gmail.com>

On 3/19/06, Douglas Crockford <douglas at crockford.com> wrote:
>  > The mimetype you're defining, because it is new, pretty-much ensures
>  > no existing service behind an intranet could be affected.
>
>  > I could still envision one day developers setting-up JSON syndication
>  > services behind an intranet, not quite grokking the fact that their
>  > data is now accessible from outside of their intranet. Silly, I know
>  > but ...
>
> It is a concern. The only solution to that that I can see is education.

No, the solution is pretty clear, all cross domain activity is
designed to be OPT-IN, just like all other current methods, then
conscious effort needs to be made to allow your data onto other people's
sites.

> A con with JSONRequest is
> that if you are incompetent in determining your authentications, then data may
> leak.

Or indeed wrote your script before this JSONRequest was invented.

Please remove your false and misleading "introduces no new security problems".

Jim.
Received on Sunday, 19 March 2006 04:23:11 UTC
