ES4 Security
Steven Mascaro
subs at voracity.org
Sat May 17 23:55:21 PDT 2008
The current browser security model is broken. Any security exploit that has
'cross-site' in it's name need not exist today. The solution for browsers is
simple: do not *automatically* transmit private information (usually
cookies) to 3rd parties in a transaction.
Once this problem is solved, ES4 *does* *not* need RO/DD/IH for security.
(IH=information hiding.)
Note, this post is *only* about security (and privacy). It is not about
whether RO/DD/IH can make development/maintenance easier.
(I've keep this post short, given the lack of response to my last
ridiculously long post. :) Opposing opinions very much welcomed.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.mozilla.org/pipermail/es-discuss/attachments/20080518/a08b2983/attachment-0002.html
More information about the Es4-discuss
mailing list