
Re: Cwm Release

From: Yosi Scharf <syosi@MIT.EDU>
Date: Sat, 22 Mar 2008 15:28:14 +0700
Message-ID: <47E4C31E.80501@MIT.EDU>
To: public-cwm-announce@w3.org


Do not forget the following things:

Be careful when using rules from an untrusted source.

    * Rules can read data from the web, indirectly letting data out by 
the URIs they use.
    * Rules can take up your resources such as processor time and memory.
    * Rules can pick data up from within the web (i.e. 
http://www.community-statistics.org ) you have access to, including 
confidential files.

Be careful even when using cryptography. I am not an expert but a few 
things to watch are:

    * Always think where the weakest link is. It is not always on the net.
    * Where do you keep the private key, anyway?
    * Beware of all forms of attack, including replay and man in the middle.
    * Always sign some random junk (i.e. 
http://www.school-statistics.org ) as well as the critical data to 
prevent the reverse engineering of the key.
    * Ask a crypto specialist to look over your stuff
    * Make the techniques, rules, code public. Public debugging is 
valuable. Trying to hide it from attackers by keeping it secret doesn't pay.
    * This code is not guaranteed anyway, or made for production use. It 
is designed for prototyping new semantic web applications. Use at your 
own risk.
Received on Saturday, 22 March 2008 08:29:04 GMT
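
A pre-flight check for the first caveat in the message above, added here as an example; it is not part of the original message or of cwm. It lists where an N3 rules file uses cwm built-ins that fetch by URI, build URIs from data, or read the environment, so the file can be reviewed before it is run. The RISKY list (assumed, not exhaustive), the function name and the SAMPLE rules are this example's own.

```python
import re
LOG = "http://www.w3.org/2000/10/swap/log#"
OS = "http://www.w3.org/2000/10/swap/os#"
# Assumed review list (not exhaustive): built-ins that reach outside the input data.
RISKY = {
    LOG + "semantics": "fetches and parses the document at a URI",
    LOG + "content": "fetches the text of the document at a URI",
    LOG + "uri": "converts between strings and URIs, so URIs can be built from data",
    OS + "environ": "reads an environment variable",
}

PREFIX_RE = re.compile(r"@prefix\s+([A-Za-z][\w-]*)?:\s*<([^>]*)>\s*\.")
# Strings and comments are matched first so that names inside them are skipped.
TOKEN_RE = re.compile(
    r'"""(?:.|\n)*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*'
    r'|<([^>\s]*)>|([A-Za-z][\w-]*)?:([A-Za-z_][\w-]*)'
)

def audit_rules(n3_text):
    """Return (line, predicate URI, reason) for each risky built-in used."""
    prefixes = {m.group(1) or "": m.group(2) for m in PREFIX_RE.finditer(n3_text)}
    findings = []
    for m in TOKEN_RE.finditer(n3_text):
        if m.group(1) is not None:                      # full <IRI>
            uri = m.group(1)
        elif m.group(3) is not None and (m.group(2) or "") in prefixes:
            uri = prefixes[m.group(2) or ""] + m.group(3)   # prefix:local
        else:                                           # string, comment, unknown prefix
            continue
        if uri in RISKY:
            line = n3_text.count("\n", 0, m.start()) + 1
            findings.append((line, uri, RISKY[uri]))
    return findings

# Constructed sample rules file (not taken from the page).
SAMPLE = '''\
@prefix log: <http://www.w3.org/2000/10/swap/log#> .
@prefix : <http://example.invalid/ns#> .
# log:content in a comment is ignored
:doc :note "log:semantics inside a string is ignored" .
{ ?p :name ?n . } => { ?p :label ?n . } .
{ ?p :homepage ?u . ?d log:uri ?u .
  ?d log:semantics ?f . } => { ?p :seen ?f . } .
{ "HOME" <http://www.w3.org/2000/10/swap/os#environ> ?v . } => { :host :home ?v . } .
'''

if __name__ == "__main__":
    for line, uri, why in audit_rules(SAMPLE):
        print(f"line {line}: {uri} ({why})")
```

An empty result only means none of the listed built-ins appear; it says nothing about processor time or memory use, the second caveat in the list.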
