Russell (zimzat) wrote,

"Well, condoms don't _always_ work, so let's just not use anything!"

A recent post in lj_dev talked about the recent security vulnerability and linked to a bug patch in Mozilla/Firefox that would help ... mitigate this problem. I like Brad's recent comment about it:

While we could discuss forever that HttpOnly isn't a complete solution for all attack instances, that's not what matters. It's like saying, "Well, condoms don't _always_ work, so let's just not use anything!" HttpOnly does work most of the time, especially for stopping what our HTML/CSS spermicide doesn't.

heh... I think he made his point very valid by using an analogy like that. Too many people try to get away with not doing anything simply because it doesn't do everything (I could probably be included with that at least sometimes).

Reference: Mozilla/Firefox Comment #49, Bug #178993
