Cart
[Home] [By Thread] [By Date] [Recent Entries]
On 08/01/07, Nathan Young -X (natyoung - Artizen at Cisco) <natyoung@c...> > Hardwired security measures: > - restrict the viewing experience of a given page to include only > those things that come from the same server as the page itself > - applies to XHR > - applies partly to frames and iframes (you can request whatever > you want but you can't see what you get back) > - does not apply to img, js, css, etc > - restrict requests to an outside server to a list of requests > defined by that server to be valid targets to third party requests > - implemented in newer flash plugins It turns out that iframes are leaky and can be used cross-domain: http://blog.monstuff.com/archives/000304.html > Sorry I don't have any concrete conclusions to draw here. How's this for a conclusion (pax Gilmore): "Web 2.0 interprets security as damage and routes around it". All the best, David
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
