On 1/5/11 12:29 AM, Glenn Maynard wrote:
Stricter requirements like SSL makes more sense for the latter case.
I'd put geolocation squarely in the first, lesser group.
I wouldn't. Just because a user trusts some particular entity to know
exactly where they are, doesn't mean they trust their stalker with that
information. I picked geolocation specifically, because that involves
an irrevocable surrender of personal information, not just annoyance
like disabling the context menu.
Or various kinds of cross-site script injection (which you may or may not
consider as a compromised server).
I suppose this is analogous to buffer overflows in native code.
As opposed to a virus infection (which would be similar to a compromised
server), say? Yes, that seems like a good analogy. One difference is
that buffer overflows are primarily a problem insofar as you don't
control your input. With a website, you never "control your input":
anyone can point the user to any url on your site. Even urls you didn't
think of existing.
-Boris
