W3C home > Mailing lists > Public > public-appformats@w3.org > October 2007

Re: [access-control] Potential security problem (port should be auto-restricted)

From: Ian Hickson <ian@hixie.ch>
Date: Wed, 3 Oct 2007 23:08:59 +0000 (UTC)
To: Jonas Sicking <jonas@sicking.cc>
Cc: Anne van Kesteren <annevk@opera.com>, "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <Pine.LNX.4.62.0710032308380.4889@hixie.dreamhostps.com> 

On Wed, 3 Oct 2007, Jonas Sicking wrote:
>
> Hmm.. this isn't really ideal I think as it would be very easy to forget 
> to add the 'http://' part and inadvertently end up in the situation Ian 
> describes. Could we use the default port of the requesting scheme 
> instead?

That seems fine to me.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 3 October 2007 23:09:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:22 GMT