Caja in its most secure variation prevents the loading of images as that
leaks information too. We need to have a balance between security and
practicalities - this will probably vary depending on the context in which
gadgets are used.

On Mon, Feb 25, 2008 at 6:05 PM, Kevin Brown <[EMAIL PROTECTED]> wrote:

> Actually, you're right -- we won't be forcing images through a proxy most
> likely, so they could always use that vector if they really wanted to
> steal IPs.
>
> On Mon, Feb 25, 2008 at 5:57 PM, Brian Eaton <[EMAIL PROTECTED]> wrote:
>
> > On Mon, Feb 25, 2008 at 5:47 PM, Kevin Brown <[EMAIL PROTECTED]> wrote:
> > >  Caja will eliminate this in the long run (as well as my other proposed
> > >  way to steal the IP).
> >
> > I'm not sure I believe this.  In theory, sure.  In practice I suspect
> > that a policy that prevented the IP address from leaking in any
> > possible way would also make it very difficult to write cool gadgets.
> >
> > I hope to be proved wrong, though.
> >
> > Cheers,
> > Brian
> >
>
>
>
> --
> ~Kevin
>
> If you received this email by mistake, please delete it, cancel your mail
> account, destroy your hard drive, silence any witnesses, and burn down the
> building that you're in.
>
