- From: Ken MacLeod <ken@bitsko.slc.ut.us>
- Date: 13 May 2000 12:02:25 -0500
- To: <xml-dist-app@w3.org>
"Dave Winer" <dave@userland.com> writes: > What would be the most practical, easy and low-tech way to add a > layer of security, using current best-practices of the Internet? > > Rather than seeing this a time to put the brakes on, could we get > into problem solving mode and have an answer that can easily be > implemented in conjunction with the RPC work? Since the problem is not one of active security (access control), but of passive security (unintended faults), the solution isn't really something one puts into a specification. The current best-practice of the Internet for solving the passive security problem is "sandboxing", highly restricting the environment and access to resources from where code runs so that when that code fails it is still confined to the sandbox. Java and JavaScript, as examples, are designed with sandboxing as a core feature. -- Ken
Received on Saturday, 13 May 2000 12:56:36 UTC