[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: Possible security problem in KHTML or KMail?
From:       Ilya Konstantinov <kfm-devel () future ! shiny ! co ! il>
Date:       2001-10-11 17:48:34
[Download RAW message or body]

On Thu, Oct 11, 2001 at 08:59:20PM +0000, Vadim Plessky wrote:
> On Thursday 11 October 2001 13:14, Martin Konold wrote:
> |   On Thursday, 11. October 2001 16:55, Michael Häckel wrote:
> |   > On Thursday 11 October 2001 16:41, Chris Howells wrote:
> |   > > Yes; that's what shadow passwords are for :)
> |   >
> |   > Ok, but if a html web page is able to read the contents of for example
> |   > your "My Documents"-folder, then it is also a security risk, even if if
> |   > doesn't contain passwords.
> |
> |   Yeah, it is definetly a privacy issue.
> |

Isn't failure to comply with the simple well-defined rules of
accessing properties of cross-domain windows?

Netscape's guide defines when an attempt to access another
window's properties will be denied - e.g. when protocols, domains or
URL paths don't match - and which properties are protected. I'd assume
all the DOM access methods will be protected.

[prev in list] [next in list] [prev in thread] [next in thread]