Closed Bug 269137 Opened 20 years ago Closed 7 years ago

Pref for switching off the new security model

Categories

(Core Graveyard :: Web Services, defect)

Product:
Core Graveyard
Component:
Web Services
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: keeda, Unassigned)

Details

Attachments

(1 file)

Quick patch (untested)
2.34 KB, patch
Details | Diff | Splinter Review 
The new webservices security model has been brought up as a potential grey area
recently. See:

http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2004-July/001495.html
http://lists.w3.org/Archives/Public/www-svg/2004Nov/0166.html

... and associated threads etc.

While I don't claim to fully understand what the concern is; it looks like
adding a hidden pref to allow those who are nervous about it to turn it off,
might be a good idea.

Any objections to doing that?
Note that we've had this for over 2 years and had no holes found regarding it :)

The concerned people (about 1 and a half people) tend to misunderstand what it
does as well.
If we decide we want this pref, the simplest possible patch would like this.
If we are to have a pref, I would say it would be called something.enabled
rather than a pref that disables it :)  Do we also want to consider a pref to
disable soap/webservices in general?
Assignee: web-services → nobody
QA Contact: doronr → web-services
Native WSDL and SOAP support has been removed from Mozilla 1.9/Firefox 3
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: