Re: Web RPCs Considered Harmful

"Dave Winer" <> writes:

> What would be the most practical, easy and low-tech way to add a
> layer of security, using current best-practices of the Internet?
> Rather than seeing this a time to put the brakes on, could we get
> into problem solving mode and have an answer that can easily be
> implemented in conjunction with the RPC work?

Since the problem is not one of active security (access control), but
of passive security (unintended faults), the solution isn't really
something one puts into a specification.

The current best-practice of the Internet for solving the passive
security problem is "sandboxing", highly restricting the environment
and access to resources from where code runs so that when that code
fails it is still confined to the sandbox.

Java and JavaScript, as examples, are designed with sandboxing as a
core feature.

  -- Ken

Received on Saturday, 13 May 2000 12:56:36 UTC