- From: Glenn Maynard <glenn@zewt.org>
- Date: Wed, 5 Jan 2011 01:29:46 -0500
On Wed, Jan 5, 2011 at 12:10 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:

>> HTTPS already prevents MITM attacks and most others
>
> I've yet to see someone suggest restricting the asking UI to https sites
> (though I think it's something that obviously needs to happen). As far as I
> can tell, things like browser geolocation prompts are not thus restricted at
> the moment.

Well, there are at least two broad classes of elevated privileges: things which are clearly useful to web pages but are disallowed or limited because they're too easily misused, and things with more serious security implications. Fullscreening, mouse capturing, stopping the context menu, bypassing local storage quotas, etc. are in the former category. Unrestricted file and network access (accepting network connections for direct peer-to-peer connections, UDP) is in the latter category. Stricter requirements like SSL make more sense for the latter case.

I'd put geolocation squarely in the first, lesser group. Unblocking the lesser case is probably much easier, to allow elevating a site to permit those things which are useful, and which are at worst a nuisance if a script is hijacked.

>> the major attack vector they don't prevent is a compromised server.
>
> Or various kinds of cross-site script injection (which you may or may not
> consider as a compromised server).

I suppose this is analogous to buffer overflows in native code.

-- 
Glenn Maynard
Received on Tuesday, 4 January 2011 22:29:46 UTC