[cap-talk] Webkeys vs. the web
stay
stay at google.com
Fri Apr 10 14:36:57 EDT 2009
On Fri, Apr 10, 2009 at 11:25 AM, Raoul Duke <raould at gmail.com> wrote:
>> Therefore, I will encourage people writing Tahoe frontends to leave
>> read-only caps in the URL but to sequested write-caps behind some
>> other user action, such as "click this button to generate a write cap".
>
> but isn't the problem then only slightly deferred, to when that write
> cap gets out as text somewhere? what makes it clear that it is a
> dangerous write app to somebody who is copy/pasting it?
How about a subdomain like
https://THIS-IS-YOUR-SECRET-KEY-BE-CAREFUL.google.com/gobledygook ?
--
Mike Stay
stay at google.com
More information about the cap-talk
mailing list