On Fri, 21 Jun 2013 09:15:30 +0200, Anne van Kesteren <[email protected]>
wrote:
> On Wed, Jun 19, 2013 at 7:39 PM, Charles McCathie Nevile
> <[email protected]> wrote:
>> One of the scenarios I have in mind is where a few apps from an origin
>> use some common stuff. Which is obviously increasing the attack surface
>> in the way that you mention, but if the same people are forced to use
>> different origins for stuff that is copy-pasted across then I am not
>> sure we are really exposing anything new except a requirement to buy
>> more domains...
>
> Well, sharing data via messages rather than having actual shared data
> is a big benefit security-wise.

Yeah, definitely.
To be honest I was thinking of sharing e.g. scripts and images -
semi-static resources.

> Because the boundary is there by default, you instead need to think
> about what to expose to other applications and what is safe.

In principle that's true, but I am suspicious that the net effect is that
people just reflexively copy-paste a pile of stuff without thinking very
hard (similar to the way they just import a whole library because they
want a couple of functions).

> You'll also scale better as you can more easily integrate with services
> running on other systems.

(I need to think about that to be sure I understand it)
cheers
Chaals
--
Charles McCathie Nevile - Consultant (web standards) CTO Office, Yandex
[email protected] Find more at http://yandex.com