Security and usability

Datschge datschge at gmx.de
Mon Aug 18 21:33:42 BST 2003


Thank you for taking the time to collect all the exceptions, but I don't see 
how your collection is representative of the whole internet. Also I'd prefer 
you to use a less flaming tone in your responses. You're wrong if you think 
you are doing anyone including yourself a favor by flaming around.

> Great, now almost all my sites are broken because I usually have all static
> information (pictures, css, js) served from another domain because I use
> mod_rewrite.

Why spread out the source over different domains? Most sites which do so 
use subdomains for this purpose, if at all.

> Google's archive is broken (frame loaded from a different domain because
> Google otherwise couldn't handle the load),

Google's archive (I think you refer to the cached websites) is not broken. In 
case you were referring to Google's newsgroups section it wouldn't be broken 
either since groups.google.com is their subdomain.

> and so is the Google picture-search.

Only in the framed view you get after clicking a search result picture, due 
to the fact it mixes content delivered by Google with that of the site 
containing the resulting picture.

> I just checked, I also could no longer use my webbank, because it also uses
> frames from different domains.

Nice that you are coming with a web bank example, especially these kinds of 
sites should try to ensure that your data is safe. Using a framed site 
accessing different domains is a nice invitation for someone to try cracking 
one of those domains just for serving pseudo-authentic interfaces which send 
your data somewhere else. Are you really sure you weren't mixing up 
subdomains with domains again?

> No, I have to rephrase: I could no longer use my webbank with Konqueror. I
> and nobody else will change banks just because of moronic privacy policies.

I know you don't care about privacy at all, but others still do.

> Almost all pages with screenshots are broken because they often have the
> screenshots on other servers.

That's a generic assumption. Care to cite some valid examples for a change?

> And bye, bye slashdot, it also gets its images from another domain.

No, they use their images.slashdot.org subdomain.

> Thousands of other sites will be broken as well.

Feel free to send your whole list to me.