[cap-talk] Polaris tickle, POLA for Internet access, URLs
daw at cs.berkeley.edu
Mon Dec 6 20:48:53 EST 2004
>>David Wagner wrote:
>>>I believe by far the largest source of security holes is in the
>>>specification (of desired functionality), not necessarily in the
>Specifically by limiting the rights of the process interpreting
>the ability to generate a pixel map with links to be displayed.
designed scripting language with lame syntax that has suddenly been
which is a poorly designed scripting language with lame syntax that web
developers consider very useful.)
With the changes you suggest, existing web pages would no longer work.
Existing features could not be supported by this new language. (To give
a simple example, consider a button that changes color when your mouse
passes over it.) Web developers would scream bloody murder.
it gives them so many powers. If you remove those powers, they won't be
happy any more, and you won't be able to support lots of the functionality
they like to provide.
So I'm back to where I started. I believe it is the specification of
the desired functionality that is the problem, not the implementation
strategy for supporting that functionality. I can't see any way to
provide the web developers with what they want and still retain security,
and I don't see how capabilities changes that conclusion in any way.