[theora] <video/> and cross site scripting policy.

Jason Self jason.self at gmail.com
Thu Nov 6 18:52:40 PST 2008

> 2) the server can leave the access check to the browser

Even if browsers are updated to include support for this, leaving  
access control to the very software accessing the material means that  
the user can disable the check and make this whole thing completely  

If anyone is concerned about stolen/wasted bandwidth/resources/ 
whatever, I think that the correct solution is to place it behind some  
kind of secure authentication. As long as the content is accessible to  
the general population someone WILL find a way to get to it whether  
you approve or not. 

More information about the theora mailing list