W3C home > Mailing lists > Public > public-grddl-comments@w3.org > January to March 2007

Security: read vs. write

From: Elliotte Harold <elharo@macfaq.com>
Date: Mon, 05 Mar 2007 10:48:50 -0500
Message-ID: <45EC3BE2.3010707@macfaq.com>
To: public-grddl-comments@w3.org

In section 8 I find:

In particular, operations to read or write URLs are more safely executed 
with the privileges associated with an untrusted party, rather than the 
current user.

I'm not sure what you're considering here with respect to the write half 
of this pair. Standard XSLT never writes any URL, and I wouldn't expect 
GRDDL to as a general rule. In other words, XSLT only GETs. never POSTs 
or PUTs.

There are extensions to do this but you warn against them separately.


-- 
´╗┐Elliotte Rusty Harold      elharo@macfaq.com
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim
Received on Monday, 5 March 2007 23:39:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:11:42 GMT