[cap-talk] Security considerations for cookies
Adam Barth
w3c at adambarth.com
Sun Feb 14 10:15:11 PST 2010
On Sat, Feb 13, 2010 at 9:15 AM, Mark Miller <erights at gmail.com> wrote:
> On Fri, Feb 12, 2010 at 9:49 PM, Adam Barth <cap-talk at adambarth.com> wrote:
>> The way I would imagine this working is that you'd login via HTTP
>> auth, which would then set a cookie (e.g., a session cookie).
>
> Perhaps it could be clearer that these other ambient authority systems help
> address weaknesses that cookies have aside from ambient authority, but that
> they do not help avoid the ambient authority problems of cookies.
I've removed the recommendation about using redundant authentication.
It seems to be more confusing than valuable.
>> Perhaps in the proximate, but (as Mark is fond of point out) you can
>> run untrusted script in your web page as long as that script can't
>> abuse ambient authority. Some of that authority comes from the
>> location bar at the top of the window, but much of it comes from
>> cookies.
>
> I also find this connection to cross site scripting confusing. Mentioning it
> raises more questions that need to be explained. I would also recommend
> dropping it. CSRF is the clear case.
Dropped.
>> I'm happy to use whatever word is most accurate here.
>
> I think just "capabilities" here might be best.
Done.
Adam
More information about the cap-talk
mailing list