[theora] <video/> and cross site scripting policy.
Jason Self
jason.self at gmail.com
Thu Nov 6 18:52:40 PST 2008
> 2) the server can leave the access check to the browser
Even if browsers are updated to include support for this, leaving
access control to the very software accessing the material means that
the user can disable the check and make this whole thing completely
ineffective.
If anyone is concerned about stolen/wasted bandwidth/resources/
whatever, I think that the correct solution is to place it behind some
kind of secure authentication. As long as the content is accessible to
the general population someone WILL find a way to get to it whether
you approve or not.
More information about the theora
mailing list