The trinity of RIA security RE-explained
The trinity of RIA security can best be summed up as:
Zip, Nada, Zilch.
We've known this ever since Active-X was first deployed. Here's Microsoft's "First immutable law of computer security":
"Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore."
Here's DaveK's corollorary to the first immutable law of computer security:
> If you let remote websites execute code on your computer, it's not your computer any more.
When combined with DaveK's axiom of rich internet application security:
> Microsoft invented Active-X /so/ that remote websites can execute code on your computer.
It leads us to DaveK's syllogisms of computer security:
>1. If you let Microsoft execute code on your computer, it's not your computer any more.
>2. Microsoft are the "bad guys".