There ought to be two different discussions - (1) for attacks on the user that use the web site as an unwitting accomplice, perhaps intended to compromise the user's account and send unauthorised information to timbuktu.
(2) attacks on the web site itself, perhaps intended to extract bulk data that was not indended to be published. It seems to me that any security features for type 2 attacks are intrinsically shams if they depend on the browser enforcing security policies. The browsers are open source. I can compile my own "attack assistant" version of firefox right now. I don't have to use a browser at all, just a telnet window. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
