This is a great resource from Google, but I disagree with the editorial comment: No web application developer worth his salt should even be working without understanding all of the relevant details...
C'mon, we're geeks! We inhale textbooks for breakfast! ;-)
Posted Dec 18, 2008 22:01 UTC (Thu) by dps (subscriber, #5725)
IMHO understanding all the relevant details is impossible because they are not documented anywhere. A vulnerability vs. browser and version matrix would be huge and probably almost impossible to use.
I think that a web application should expect the web browser to be seriously lacking in as many aspects as possible. The server side support should be designed to contain the damage a misbehaved client can inflict. A web application merely has to be sufficiently difficult for crackers to target something else instead.
Google's Browser Security Handbook
Posted Dec 18, 2008 23:11 UTC (Thu) by dlang (✭ supporter ✭, #313)
You also need to remember that you don't know what is really running and claiming to be the browser. Anything you expose to the browser you expose to people running arbitrary tools that could be trying to crack your system.