A new web newsreader
Adam D. Ruppe
destructionator at gmail.com
Fri Dec 9 07:30:33 PST 2011
On Friday, 9 December 2011 at 15:15:05 UTC, Andrei Alexandrescu wrote:
> Interesting. I don't understand the security issues involved
> and why they can't be addressed by the application, but you're
> the doc.
Separate domains are a defense-in-depth kind of thing. The browser
puts up walls between domains for scripting, framing, cookies, locally
stored data, authentication headers, and so on.
While the app can filter this stuff, the separate domain helps be
sure that a bug in the app doesn't lead to a security hole in
deployment.
And, of course, if you *want* to allow user scripting, the separate
domain is a must so put at least one hard wall in there.
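
Added example, not part of the original message: a small check of two of the browser walls mentioned above (scripting, keyed on origin, and cookies, matched per RFC 6265) for three places user content could be served from. All host names, the cookie objects and the function names are constructed for illustration.

```javascript
// Added illustration; host names below are constructed placeholders.

// Origin = (scheme, host, port). Scripting, framing and local storage are keyed on it.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// RFC 6265 domain-match: a host-only cookie goes back only to the exact host
// that set it; a cookie with a Domain attribute also goes to every subdomain.
function cookieSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  const domain = cookie.domain.toLowerCase();
  if (cookie.hostOnly) return host === domain;
  return host === domain || host.endsWith("." + domain);
}

// For each place user content might be served from, report which walls hold
// against the application's page and its session cookie.
function isolationReport(appUrl, sessionCookie, contentUrls) {
  return contentUrls.map((url) => ({
    url,
    scriptWall: !sameOrigin(appUrl, url),
    cookieWall: !cookieSentTo(sessionCookie, new URL(url).hostname),
  }));
}

const APP = "https://news.example/app";
const CANDIDATES = [
  "https://news.example/attachments/1.html",  // same host as the app
  "https://files.news.example/1.html",        // subdomain of the app
  "https://news-usercontent.example/1.html",  // separate domain
];
// Session cookie set with Domain=news.example (shared with subdomains).
const wideCookie = { name: "session", domain: "news.example", hostOnly: false };
// Session cookie set without a Domain attribute (host-only).
const hostOnlyCookie = { name: "session", domain: "news.example", hostOnly: true };

function demo() {
  return {
    wide: isolationReport(APP, wideCookie, CANDIDATES),
    hostOnly: isolationReport(APP, hostOnlyCookie, CANDIDATES),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Only the separate domain keeps both walls up regardless of how the session cookie was scoped; the subdomain depends on the cookie having been set host-only.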