System.download [was ...]

Jason Orendorff jason.orendorff at gmail.com
Wed Jul 11 16:17:55 PDT 2012


On Mon, Jul 9, 2012 at 6:04 PM, Aymeric Vitte <vitteaymeric at gmail.com> wrote:
> If the answer is that it is not possible because of the same origine policy,
> then it is not difficult to show that this policy can be broken already, by
> some "manipulations", then it's better to have something clean.

Please do explain what "manipulations" you have in mind here.

As I understand it, the same-origin policy is what prevents other web
sites you visit from sending HTTP requests to your bank (for example),
with your login cookie attached, and looking at the responses. It
seems like it would be a major security hole if that could be easily
circumvented.

-j


More information about the es-discuss mailing list