The current browser security model is broken. Any security exploit that has 'cross-site' in it's name need not exist today. The solution for browsers is simple: do not *automatically* transmit private information (usually cookies) to 3rd parties in a transaction.
Once this problem is solved, ES4 *does* *not* need RO/DD/IH for security. (IH=information hiding.) Note, this post is *only* about security (and privacy). It is not about whether RO/DD/IH can make development/maintenance easier. (I've keep this post short, given the lack of response to my last ridiculously long post. :) Opposing opinions very much welcomed.)
_______________________________________________ Es4-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es4-discuss
