27 Nov 2007, 6:23 p.m.
On Tue, 27 Nov 2007 22:04:23 +0100, Florian Weimer said:
> There's also the issue that you can't reliably tell data (which, presumably, does not need to be signed) from code.
And "active content" is what happens when you *intentionally* blur the data/code distinction. Unfortunately, it's (a) wildly popular with users and (b) usually horribly done from a security standpoint. Unfortunately, "Web 2.0" with its "glue stuff together" approach looks like it's just going to make things even worse, as clueless developers wedge stuff together with dangerous interactions and synergies....