is ng-csp detrimental to user security?
You're right, it isn't, there are no easy solutions to complex problems. But hardened core APIs are a start.
-
-
yes, definetly. I am the last one to argue against hardening. Just brought up one important issue.
-
Our disagreement boils down to the question of whether we can get FWs to play nice with new, hardened APIs.
-
If we can't then we can never put faith in secure APIs for the web b/c they can always be subverted by FWs.
-
again:I am not saying we can't do this.I am not at all oposing the idea. Just saying we need to be careful
-
Violent agreement, then? :) FWIW we've done a bad job at secure-by-default JS FWs and we should get better.
-
I just wouldn't like the past crappiness of this area to hold us back from making useful platform changes.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.