[personal profile] crschmidt
While we could discuss forever that HttpOnly isn't a complete solution for all
attack instances, that's not what matters. It's like saying, "Well, condoms
don't _always_ work, so let's just not use anything!" HttpOnly does work most
of the time, especially for stopping what our HTML/CSS spermicide doesn't.


-- Brad, https://bugzilla.mozilla.org/show_bug.cgi?id=178993#c49

(no subject)

Date: 2006-01-23 04:54 am (UTC)
From: [identity profile] alacrity.livejournal.com
The problem with that kind of analogy is that in this case your "sperm" is a live human attacker who can adapt and work around the instances where it does work. It's not so much a bad argument, just a bad analogy, that might mistakenly lead one to believe that the problem is solved "well enough." It isn't. More solutions should be pursued, and one should not be taken in by a false sense of security.

That sentiment is generally the reason behind arguments against impartial solutions -- a false sense of security can sometimes be worse than no security at all.
