revisit "Countermeasures" section #15

@TallTed

Description

> ### Countermeasures ### {#serving-user-created-files-countermeasures}
> * Multiple agents can create files on the same server, which could render `same-origin` security boundaries useless.
> * As one possible countermeasure, servers could add a [`Content-Security-Policy: sandbox`](https://www.w3.org/TR/CSP3/#directive-sandbox) header to artificially enable `same-origin` security policies for files served on the same origin.

The first bullet under countermeasures is more of a vulnerability than a countermeasure, and should be moved... or rephrased to focus on how "same-origin security boundaries" can work as a countermeasure.

(The current point of the first bullet should be moved to the vulnerabilities section, or start a new section focusing on this vulnerability, if the document restructuring discussed previously is implemented.)

Having only one or two countermeasures seems insufficient for an entire section, meant to address all vulnerabilities. But having few countermeasures is fine if they are addressing a single vulnerability, as in the previously suggested restructuring.
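As an added example (not from the spec under discussion or from the issue author), a minimal WSGI handler that attaches the `Content-Security-Policy: sandbox` header quoted above to every user-created file it serves, driven in-process by a small `request` helper; the file table, paths and helper are constructed assumptions for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Constructed sample: files that two different agents created on one origin.
# Path -> (content type, body). Assumed layout for illustration only.
USER_FILES = {
    "/alice/page.html": ("text/html", b"<p>Alice's page</p>"),
    "/bob/data.json": ("application/json", b'{"owner": "bob"}'),
}


def user_file_headers(content_type: str) -> list[tuple[str, str]]:
    """Response headers for a user-created file.

    `sandbox` with no tokens applies every sandbox restriction, including
    treating the document as having a unique (opaque) origin, so script in
    one user's file does not run with the shared origin of the server.
    """
    return [
        ("Content-Type", content_type),
        ("Content-Security-Policy", "sandbox"),
    ]


def app(environ, start_response):
    """WSGI app serving the constructed user files (assumed layout)."""
    entry = USER_FILES.get(environ.get("PATH_INFO", ""))
    if entry is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    content_type, body = entry
    start_response("200 OK", user_file_headers(content_type))
    return [body]


def request(path: str):
    """Drive `app` in-process with no network; returns (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    status, headers, _ = request("/alice/page.html")
    print(status, headers.get("Content-Security-Policy"))
```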
