ES4 Security

Steven Mascaro subs at
Sat May 17 23:55:21 PDT 2008

The current browser security model is broken. Any security exploit that has
'cross-site' in it's name need not exist today. The solution for browsers is
simple: do not *automatically* transmit private information (usually
cookies) to 3rd parties in a transaction.

Once this problem is solved, ES4 *does* *not* need RO/DD/IH for security.
(IH=information hiding.)

Note, this post is *only* about security (and privacy). It is not about
whether RO/DD/IH can make development/maintenance easier.

(I've keep this post short, given the lack of response to my last
ridiculously long post. :) Opposing opinions very much welcomed.)
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Es4-discuss mailing list