bruant.d at gmail.com
Fri Oct 26 05:13:02 PDT 2012
Le 26/10/2012 13:59, Patrick Mueller a écrit :
> On Fri, Oct 26, 2012 at 2:03 AM, David Herman <dherman at mozilla.com
> <mailto:dherman at mozilla.com>> wrote:
> A feature you shouldn't use in production is a feature your
> attackers will use in production. ;)
> Not just your attackers. Worse. You, probably.
"you" belongs to the "your attackers" group for all humans writing code
I've met so far I think ;-)
> Perhaps we need to start talking about lower-level user space
> capabilities like this, that we can provide for "debugging".
> Presumably, a user gesture would be required to "enter debug mode",
> but once you're there, you have access to some of the magic.
If "user space" implies "will be accessible to a webpage", it's not
workable. I think debugging capabilities should stay in debugging-land
(which userland cannot interact with).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss