Re: Impending web-arch issue?

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 10 May 2010 11:38:32 +0200
To: Nathan <nathan@webr3.org>
Cc: "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <op.vchg2iew64w2qv@annevk-t60>

On Mon, 10 May 2010 11:16:54 +0200, Nathan <nathan@webr3.org> wrote:
> long-term though, surely it's quite an issue that a web application,  
> running in a web browser, conforming to all the standards and the design  
> principles of the web, can't use the web?

It's certainly annoying, but unless we start over I do not really see how  
we can change the (arguably broken) security fundamentals of the platform.

(What is being protected here are servers on an intranet that do not  
require authentication and servers that use IP-based authentication.  
Without the same-origin protection evil.example could get data from  
intranet.corp.example if a user that is on an intranet with access to  
intranet.corp.example visits evil.example (e.g. via a phishing attack).)

Anne van Kesteren
Received on Monday, 10 May 2010 09:39:26 UTC
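
The scenario in the message's parenthetical, as an added example that is not part of the original message: a simplified model of an intranet server that trusts source IP alone, and of the browser rule that decides whether a page's script may read the response. The 10.0.0.0/8 range, the paths, the function names and the use of the `Access-Control-Allow-Origin` header as the server's opt-in are assumptions; the hostnames are the ones used in the message.

```javascript
// Constructed model: an intranet server whose only "authentication" is the
// client's source address. 10.0.0.0/8 is an assumed intranet range.
function intranetServer(clientIp, corsHeaders = {}) {
  const inside = clientIp.startsWith("10.");
  return inside
    ? { status: 200, headers: corsHeaders, body: "internal report" }
    : { status: 403, headers: {}, body: "" };
}

// Browser-side rule (simplified): a script may read a response only if page
// and resource share scheme, host and port, or the server opted in.
// Header names are assumed to be lower-cased already.
function mayRead(pageUrl, resourceUrl, headers) {
  const page = new URL(pageUrl).origin; // URL drops default ports (80, 443)
  if (page === new URL(resourceUrl).origin) return true;
  const allow = headers["access-control-allow-origin"];
  return allow === "*" || allow === page;
}

// What a script on pageUrl ends up holding when the user's browser, sitting
// at clientIp, requests resourceUrl. null means nothing readable.
function scriptSees(pageUrl, resourceUrl, clientIp, corsHeaders = {}) {
  // The request leaves the user's machine, so the server sees an inside IP.
  const res = intranetServer(clientIp, corsHeaders);
  if (res.status !== 200) return null;
  return mayRead(pageUrl, resourceUrl, res.headers) ? res.body : null;
}

const REPORT = "http://intranet.corp.example/report"; // constructed path
const USER_IP = "10.1.2.3";                           // constructed address

// Server answers 200 because of the user's network position,
// but the browser withholds the body from the foreign origin.
console.log(scriptSees("http://evil.example/", REPORT, USER_IP));

// Same origin (explicit :80 is the default port): readable.
console.log(scriptSees("http://intranet.corp.example:80/home", REPORT, USER_IP));

// A wildcard opt-in on a server that trusts network position removes the
// protection the message describes.
console.log(scriptSees("http://evil.example/", REPORT, USER_IP,
  { "access-control-allow-origin": "*" }));
```

For servers that rely on network position, the last case is the configuration to audit for: the same-origin rule only protects them while they send no permissive cross-origin opt-in.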
