W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2008

[whatwg] Dealing with UI redress vulnerabilities inherent tothe current web

From: Robert O'Callahan <robert@ocallahan.org>
Date: Sat, 27 Sep 2008 15:49:54 +1200
Message-ID: <11e306600809262049x7f731dd6ld15879e09d7f4122@mail.gmail.com>
On Sat, Sep 27, 2008 at 3:17 PM, Richard's Hotmail <maher_rj at hotmail.com>wrote:

> https://jdk6.dev.java.net/plugin2/
> http://weblogs.java.net/blog/joshy/archive/2008/05/java_doodle_cro.html
>
>

We have a W3C spec for the latter called Access Controls, which is a good
deal more secure than Java/Flash's crossdomain.xml.

Anyway, the fact that Java is evolving some sort of cross-domain capability
doesn't help make the argument that the Java 1.0 same-origin sandbox model
is an adequate solution to everything.

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080927/90ee521b/attachment.htm>
Received on Friday, 26 September 2008 20:49:54 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:05 UTC