Tuesday, 27 September 2011


I read an interesting article in the latest IEEE Computer magazine called "Security Vulnerabilities in the Same-Origin Policy: Implications and Alternatives" (sadly you have to pay for the article). Actually the article itself was basically an overview, so the majority of it covered well-known information; however, one of the 'alternatives' mentioned was something I hadn't come across before, so I thought I would share it.

Escudo (link to original paper) is a web browser protection model positioned as an alternative to the Same Origin Policy. I thought it had some interesting ideas, and it's always good to read about alternatives as it always tends to increase your understanding of a topic. I have to say though that I thought their solution was not going to be particularly developer-friendly, which may lead to more issues than it solves.

Have a read and make up your own mind.