IMHO understanding all the relevant details is impossible because they are not documented anywhere. A vulnerability vs. browser and version matrix would be huge and probably almost impossible to use.
I think that a web application should expect the web browser to be seriously lacking in as many aspects as possible. The server side support should be designed to contain the damage a misbehaved client can inflict. A web application merely has to be sufficiently difficult for crackers to target something else instead.
Posted Dec 18, 2008 23:11 UTC (Thu) by dlang (✭ supporter ✭, #313)
You also need to remember that you don't know what is really running and claiming to be the browser. Anything you expose to the browser you expose to people running arbitrary tools that could be trying to crack your system.