Pref for switching off the new security model

RESOLVED INCOMPLETE

Status

RESOLVED INCOMPLETE
14 years ago
a year ago

People

(Reporter: keeda, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

14 years ago
The new webservices security model has been brought up as a potential grey area
recently. See:

http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2004-July/001495.html
http://lists.w3.org/Archives/Public/www-svg/2004Nov/0166.html

... and associated threads etc.

While I don't claim to fully understand what the concern is; it looks like
adding a hidden pref to allow those who are nervous about it to turn it off,
might be a good idea.

Any objections to doing that?

Comment 1

14 years ago
Note that we've had this for over 2 years and had no holes found regarding it :)

The concerned people (about 1 and a half people) tend to misunderstand what it
does as well.
(Reporter)

Comment 2

14 years ago
Created attachment 165604 [details] [diff] [review]
Quick patch (untested)

If we decide we want this pref, the simplest possible patch would like this.

Comment 3

14 years ago
If we are to have a pref, I would say it would be called something.enabled
rather than a pref that disables it :)  Do we also want to consider a pref to
disable soap/webservices in general?
Assignee: web-services → nobody
QA Contact: doronr → web-services
Native WSDL and SOAP support has been removed from Mozilla 1.9/Firefox 3
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → INCOMPLETE

Updated

a year ago
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.