W3C home > Mailing lists > Public > public-appformats@w3.org > October 2007

Re: [access-control] Potential security problem (port should be auto-restricted)

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 3 Oct 2007 19:08:06 -0500
To: Ian Hickson <ian@hixie.ch>
Cc: Jonas Sicking <jonas@sicking.cc>, Anne van Kesteren <annevk@opera.com>, "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <20071004000806.GP27442@raktajino.does-not-exist.org> 

On 2007-10-03 23:08:59 +0000, Ian Hickson wrote:

> On Wed, 3 Oct 2007, Jonas Sicking wrote:

> > Hmm.. this isn't really ideal I think as it would be very easy to forget 
> > to add the 'http://' part and inadvertently end up in the situation Ian 
> > describes. Could we use the default port of the requesting scheme 
> > instead?

> That seems fine to me.

+1

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Thursday, 4 October 2007 00:08:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:22 GMT