[whatwg] whatwg Digest, Vol 82, Issue 10

On Wed, Jan 5, 2011 at 12:10 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
>> HTTPS already prevents MITM attacks and most others
>
> I've yet to see someone suggest restricting the asking UI to https sites
> (though I think it's something that obviously needs to happen). ?As far as I
> can tell, things like browser geolocation prompts are not thus restricted at
> the moment.

Well, there are at least two broad classes of elevated privileges:
things which are clearly useful to web pages but are disallowed or
limited because they're too easily misused, and things with more
serious security implications.  Fullscreening, mouse capturing,
stopping the context menu, bypassing local storage quotas, etc. are in
the former category.  Unrestricted file and network access (accepting
network connections for direct peer-to-peer connections, UDP) is in
the latter category.

Stricter requirements like SSL makes more sense for the latter case.
I'd put geolocation squarely in the first, lesser group.

Unblocking the lesser case is probably much easier, to allow elevating
a site to permit those things which are useful, and which are at worst
a nuisance if a script is hijacked.

>> the major attack vector they don't prevent is a compromised server.
>
> Or various kinds of cross-site script injection (which you may or may not
> consider as a compromised server).

I suppose this is analogous to buffer overflows in native code.

-- 
Glenn Maynard

Received on Tuesday, 4 January 2011 22:29:46 UTC