[cap-talk] An example of violating POLA?
Toby Murray
toby.murray at comlab.ox.ac.uk
Mon Jun 9 05:18:48 CDT 2008
On Mon, 2008-06-09 at 03:31 -0400, Jack Lloyd wrote:
> On Mon, Jun 09, 2008 at 06:45:24AM +0100, Toby Murray wrote:
> > Absolutely. The trick is, however, coming up with a means for the user
> > to grant Yelp the authority to read the address book. This is perhaps
> > even more difficult for web applications than for traditional ones,
>
> It does not seem to me like this problem would be that
> difficult.
> This is not a particularly clever or extendable solution, but for the
> access of addressbook data (and I do see a lot of sites wanting you to
> enter your email passwords for exactly that reason), it seems like it
> would work.
>
> It's 3 am here so perhaps I am missing the fatal flaw.
>
No. It was me who was missing something -- I mistakenly believed the
address book being granted access to was on the local machine.
Persistent authority to access Inter-Web resources is much easier to
reify, indeed. Unguessable URLs are the obvious (only?) option for doing
so.