Re: Web RPCs Considered Harmful

Yes, but I do not see any SandBOX model here. Do we wait
until the customer crys....
>"Dave Winer" <> writes:
>> What would be the most practical, easy and low-tech way to add a
>> layer of security, using current best-practices of the Internet?
>> Rather than seeing this a time to put the brakes on, could we get
>> into problem solving mode and have an answer that can easily be
>> implemented in conjunction with the RPC work?
>Since the problem is not one of active security (access control), but
>of passive security (unintended faults), the solution isn't really
>something one puts into a specification.
>The current best-practice of the Internet for solving the passive
>security problem is "sandboxing", highly restricting the environment
>and access to resources from where code runs so that when that code
>fails it is still confined to the sandbox.
>Java and JavaScript, as examples, are designed with sandboxing as a
>core feature.
>  -- Ken

Received on Wednesday, 17 May 2000 03:34:28 UTC