The new webservices security model has been brought up as a potential grey area recently. See: http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2004-July/001495.html http://lists.w3.org/Archives/Public/www-svg/2004Nov/0166.html ... and associated threads etc. While I don't claim to fully understand what the concern is; it looks like adding a hidden pref to allow those who are nervous about it to turn it off, might be a good idea. Any objections to doing that?
Note that we've had this for over 2 years and had no holes found regarding it :) The concerned people (about 1 and a half people) tend to misunderstand what it does as well.
Created attachment 165604 [details] [diff] [review] Quick patch (untested) If we decide we want this pref, the simplest possible patch would like this.
If we are to have a pref, I would say it would be called something.enabled rather than a pref that disables it :) Do we also want to consider a pref to disable soap/webservices in general?
Assignee: web-services → nobody
QA Contact: doronr → web-services
Native WSDL and SOAP support has been removed from Mozilla 1.9/Firefox 3
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.