Sunday, September 07, 2008

10 Things to Help Fix the Web

Very interesting ideas on fixing the web.

>>>> From GNUcitizen's Let's Fix the Web:
Here they are:
  1. Allow the user to sandbox and unsandbox applications and web resources with a single click
  2. Sandbox by default known applications such as GMail, Yahoo Mail, etc.
  3. In the sandbox, mark all cookies as secure to prevent session leaks
  4. In the sandbox, mark non-session cookies as HttpOnly to prevent session hijacks due to XSS
  5. Make sure that while on HTTPS, all embedded resources are delivered over HTTPS as well.
  6. Provide the option to turn off JavaScript, Java, Flash, Silverlight, etc. on a per-sandbox basis
  7. Block any external requests to sandboxed applications
  8. Implement the PHPIDS signature matching mechanism in JavaScript
  9. If the HTML structure is heavily broken, block the page to prevent some types of persistent XSS
  10. Record SSL signatures on trusted network and warn if signature changes while on untrusted network
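
Items 3 to 5 describe concrete browser-side policy, so here is an added example of what a sandbox extension would have to do on each response: rewrite Set-Cookie headers and check embedded resources for mixed content. This is illustration code written for this post, not GNUcitizen's code; the function names, the `policy.httpOnlyFor` selector and the sample headers and HTML are assumptions made for the example.

```javascript
// Added example (not GNUcitizen's code): a sandbox cookie and resource policy
// modelled on items 3-5 of the list. Function names and the shape of the
// `policy` object are assumptions made for this illustration.

// Parse one Set-Cookie header value into its name/value and an attribute map
// (attribute names lower-cased, flag attributes stored as `true`).
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const [nameValue, ...attrParts] = parts;
  const eq = nameValue.indexOf("=");
  const name = eq === -1 ? nameValue : nameValue.slice(0, eq);
  const value = eq === -1 ? "" : nameValue.slice(eq + 1);
  const attrs = {};
  for (const part of attrParts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name, value, attrs };
}

// A cookie with neither Expires nor Max-Age lives only for the browser session.
function isSessionCookie(cookie) {
  return !("expires" in cookie.attrs) && !("max-age" in cookie.attrs);
}

// Serialize back to a Set-Cookie header, restoring the usual attribute spelling.
function serializeSetCookie(cookie) {
  const canonical = {
    secure: "Secure", httponly: "HttpOnly", expires: "Expires",
    "max-age": "Max-Age", path: "Path", domain: "Domain", samesite: "SameSite",
  };
  const out = [`${cookie.name}=${cookie.value}`];
  for (const [key, val] of Object.entries(cookie.attrs)) {
    const label = canonical[key] || key;
    out.push(val === true ? label : `${label}=${val}`);
  }
  return out.join("; ");
}

// Rewrite one Set-Cookie header under the sandbox policy:
//  - every cookie gets Secure (item 3), so it is never sent over plain HTTP;
//  - cookies selected by policy.httpOnlyFor(cookie) get HttpOnly (item 4).
function applySandboxCookiePolicy(header, policy) {
  const cookie = parseSetCookie(header);
  cookie.attrs.secure = true;
  if (policy.httpOnlyFor(cookie)) cookie.attrs.httponly = true;
  return serializeSetCookie(cookie);
}

// Mixed-content check (item 5): on an HTTPS page every embedded resource must
// be HTTPS too. Scans src= attributes (img, script, iframe, ...) and returns the
// resolved URLs that would load over plain HTTP. Stylesheets via <link href>
// are not covered by this simple scan.
function findInsecureResources(html, pageUrl) {
  if (new URL(pageUrl).protocol !== "https:") return [];
  const offenders = [];
  const srcRe = /\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = srcRe.exec(html)) !== null) {
    const resolved = new URL(m[1], pageUrl); // relative and // URLs inherit https
    if (resolved.protocol === "http:") offenders.push(resolved.href);
  }
  return offenders;
}

// Policy as stated in item 4: HttpOnly on non-session cookies only.
const listPolicy = { httpOnlyFor: (cookie) => !isSessionCookie(cookie) };

// Constructed sample input for a stand-alone run.
console.log(applySandboxCookiePolicy("SID=abc; Path=/", listPolicy));
console.log(applySandboxCookiePolicy("prefs=dark; Path=/; Max-Age=3600", listPolicy));
console.log(findInsecureResources(
  '<img src="http://cdn.example/a.png"><script src="/j.js"></script><img src="//x.example/y.png">',
  "https://mail.example/"
));
```

The selector is a parameter on purpose: following item 4 literally leaves the session cookie readable from script, and that is the cookie an XSS payload actually wants, so a real deployment would point `httpOnlyFor` at the session cookie (or at everything) rather than at non-session cookies. Adding Secure only helps if the application also refuses to mint a fresh cookie over HTTP; the rewrite cannot fix that on the server's behalf.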