
Re: [Public WebGL] Proposed change to WebGL spec section 4.2 (Security Origin Restrictions)



On 07/10/2010, at 1:07 AM, Chris Marrin wrote:
> Because we have to. Origin restrictions are not something we can elide just because we think they are not "necessary". Security is of prime importance to many people. The news that your browser didn't respect origin restrictions would cause some companies to block the use of your browser on their site. This is a fact we have to live with.

I'm already very nervous about the perception of security that WebGL is going to have on launch, and whether someone's going to use hardware shaders to break through to the OS. For example, reading other buffers in OpenGL, or opening a context that is not within the browser window to emulate a password request.

Even though these problems can be cleaned up over time, it is going to be a big issue to manage public perception if the release of WebGL is shortly followed by security problems. The specific scenario that I dread is the possible need for a virtualised layer to filter out some kinds of attacks that utilise GPU chipset flaws.

If we head down that road, then ANGLE may have to be used for GLES as well as Direct, or even drop all the way back to something that is not much faster than Flash. Obviously this is worst case but this is why I think security is so much more important than any features at this stage, even if we can only draw a triangle.

--
  steve@adam.com.au

