I think Stuart would be happy if XBL used its attacher's security principal. I am guessing he wants to place a binding in resource:/res/html.css and get privileges on the bound XBL. Is that still a security hole? (probably:-)
- Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Ben Bucksch
- Re: Is the security model XBL uses wrong? David Hyatt
- Re: Is the security model XBL uses wrong? David Hyatt
- Re: Is the security model XBL uses wrong? Neil
- Re: Is the security model XBL uses wrong? Neil
- Re: Is the security model XBL uses wrong? Alex Fritze
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? David Hyatt
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? David Hyatt
- Re: Is the security model XBL uses wrong? Neil
