Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Releases Web Security Book

Posted by CmdrTaco on from the posted-from-my-own-chair dept.

northern squirrel writes "As reported by Security Focus, Google had publicly released their 50-page Browser Security Handbook (under a CC BY license, too). To quote, the document is 'meant to provide developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers,' and features a comparison of security features in Internet Explorer, Firefox, Opera, Safari, and — you guessed it — Chrome. Is it a belated Christmas gift to web developers, or just a reaction to recent bad publicity?"

3 of 49 comments (clear)

  1. HTTP authentication by sakdoctor · · Score: 4, Interesting

    What the hell happened to http authentication anyway? I'm oblivious to the history, but we have basic and digest, both suck so everyone uses cookies instead.
    Why don't we have something more modular where new hashes can be plugged in over time, and maybe negotiate down to md5 for older agents.

  2. shttp by hey · · Score: 4, Interesting

    The document mentions shttp which I have never heard of before
    http://www.ietf.org/rfc/rfc2660.txt
    I wonder what's its used for.

  3. Re:Open browser engineering issues by hey · · Score: 5, Interesting

    But C/C++ is changing. Memory randomization makes many attacks impractical, for example. So you get something as safe as Java but faster.