Sverre wrote:
> We need a totally new development platform that makes it
> impossible to do the typical webappsec mistakes. I'm not
> sure if it's doable, but I guess it would be possible to
> avoid all meta-character based exploits, such as Cross-site
> Scripting, SQL Injection, Shell Command Injection and so on.
> It's just a matter of encapsulating all communication with
> sub-systems (including the browser) in some reasonable and
> limited API.
>

The problem with this scheme is that it requires that the browser be party to the security. What about a blackhat using netcat? Bye-bye to whatever security functionality was built into the browser, and all protection contained therein.
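
The encapsulation idea quoted above, sketched at the server-side sinks as an added example that is not part of the original thread. The Sinks class, its method names and the HOSTILE value are hypothetical and constructed for illustration; the encoding is done inside the server's API, so it applies to whatever bytes arrive, from a browser or from any other client.

```python
import html
import sqlite3
import subprocess
import sys

# Constructed hostile input: a raw request value that any client can send.
# The server treats it as plain data at every sink below.
HOSTILE = "x' OR '1'='1 <script>alert(1)</script>; echo INJECTED"


class Sinks:
    """Hypothetical narrow API: the only path from application code to a sub-system."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users (name TEXT)")
        self.db.execute("INSERT INTO users VALUES ('alice')")

    def find_user(self, name):
        # SQL: the value is bound as a parameter, never spliced into the statement.
        cur = self.db.execute("SELECT name FROM users WHERE name = ?", (name,))
        return cur.fetchall()

    def render_greeting(self, name):
        # HTML: the value is entity-encoded for element-content context.
        return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

    def echo_arg(self, arg):
        # Process: argv list and no shell, so ';' and quotes carry no meaning.
        code = "import sys; sys.stdout.write(sys.argv[1])"
        out = subprocess.run([sys.executable, "-c", code, arg],
                             capture_output=True, text=True, check=True)
        return out.stdout


def demo():
    s = Sinks()
    return s.find_user(HOSTILE), s.render_greeting(HOSTILE), s.echo_arg(HOSTILE)


if __name__ == "__main__":
    for result in demo():
        print(repr(result))
```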
This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 10:22:58 PDT