|
As long as there are workarounds, no matter how convoluted they are, the "bad guys" will use them. Thus, something like this "security" feature is completely useless - you will find phished and unfairly promoted sites using these hacks - but it severely impedes the work of those that really are looking for security.
Case in point: Until Ajax came along, almost all login pages used an SSL-encrypted connection. Now that Ajax is in vogue, many, many e-commerce sites send the data completely unsecured. They have no choice: the site is HTTP, and this "security" stupidity will not allow a connection to an HTTPS page.
Or even more commonly, the whole site doesn't work, as the designer didn't realize that the browser will not allow a request to "http://www.example.com" from "http://example.com".
Or people use the hacks mentioned above without fully understanding the technology, and expose their entire server to attack.
All while doing nothing at all to actually add even the remotest level of security, since the hacks exist for those that are motivated to use them.
|
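Added example, not part of the comment above: a sketch of the origin comparison (scheme, host, port) that produces the two failures the comment describes, run over a constructed list of requests. The function names, the sample page URL and the endpoint paths are assumptions made for illustration.

```javascript
// Added example: the origin comparison behind the failures described above.
// An origin is the tuple (scheme, host, port); any difference makes a
// request cross-origin for XMLHttpRequest.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originOf(url) {
  const u = new URL(url); // lowercases scheme and host, drops default ports
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Returns which parts of the origin tuple differ between page and target.
function compareOrigins(pageUrl, targetUrl) {
  const page = originOf(pageUrl);
  const target = originOf(targetUrl);
  const differs = ["scheme", "host", "port"].filter((k) => page[k] !== target[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Lists every endpoint a page calls that the same-origin policy would block.
function auditRequests(pageUrl, targetUrls) {
  return targetUrls
    .map((t) => ({ target: t, ...compareOrigins(pageUrl, t) }))
    .filter((r) => !r.sameOrigin);
}

// Constructed sample: a shop page served over plain HTTP and the URLs its
// script calls (paths are hypothetical).
const PAGE = "http://example.com/cart";
const CALLS = [
  "http://example.com/api/cart",
  "http://www.example.com/api/cart",
  "https://example.com/login",
  "http://EXAMPLE.com:80/api/price",
];

for (const r of auditRequests(PAGE, CALLS)) {
  console.log(`${r.target} blocked: differs in ${r.differs.join(", ")}`);
}
```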