
Re: Security: read vs. write

From: Harry Halpin <hhalpin@ibiblio.org>
Date: Tue, 20 Mar 2007 23:44:45 -0400
Message-ID: <4600AA2D.4010700@ibiblio.org>
To: Elliotte Harold <elharo@macfaq.com>
Cc: public-grddl-comments@w3.org

Elliotte,

    Thanks so much for the comment. Working Group member Jeremy Carroll
believes this would address your comment. The particular operation we
had in mind was from XSLT2: xsl:result-document. Perhaps we should make
this more explicit.

The rewrite of this section was motivated by implementer feedback,
particularly concerning test security in

   http://jena.sourceforge.net/test/grddl/

which, with a little imagination, could be modified so that malicious 
code took control of an overly trusting machine (by writing 
appropriately to a key OS file). We are currently working on drafting a
more complete test-suite for GRDDL. Do you think this response addresses
your comment by itself, or should we add a test for this directly to the
test suite?


Elliotte Harold wrote:
>
> In section 8 I find:
>
> In particular, operations to read or write URLs are more safely
> executed with the privileges associated with an untrusted party,
> rather than the current user.
>
> I'm not sure what you're considering here with respect to the write
> half of this pair. Standard XSLT never writes any URL, and I wouldn't
> expect GRDDL to as a general rule. In other words, XSLT only GETs,
> never POSTs or PUTs.
>
> There are extensions to do this but you warn against them separately.
>
>


-- 
		-harry

Harry Halpin,  University of Edinburgh 
http://www.ibiblio.org/hhalpin 6B522426
Received on Wednesday, 21 March 2007 03:44:51 GMT
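
A static pre-flight check that a GRDDL-aware agent could run before executing a transformation, added here as an illustration and not part of the original message or of any GRDDL implementation: it flags xsl:result-document and any element in a namespace named by extension-element-prefixes. The function name, the ext namespace and both sample stylesheets are constructed for this example.

```python
import io
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"

def find_write_risks(xslt_bytes):
    """Return (kind, detail) findings for instructions that can write outside the result tree."""
    findings, prefixes, ext_ns = [], {}, set()
    for event, data in ET.iterparse(io.BytesIO(xslt_bytes), events=("start-ns", "start")):
        if event == "start-ns":
            prefixes[data[0]] = data[1]  # prefix -> URI (prefix scoping ignored: simplification)
            continue
        ns, _, local = data.tag[1:].rpartition("}") if data.tag[0] == "{" else ("", "", data.tag)
        # The attribute is unprefixed on XSLT elements and xsl:-prefixed on
        # literal result elements.
        attr = "extension-element-prefixes"
        declared = data.get(attr if ns == XSL_NS else "{%s}%s" % (XSL_NS, attr), "")
        for p in declared.split():
            uri = prefixes.get("" if p == "#default" else p)
            if uri:
                ext_ns.add(uri)
        if ns == XSL_NS and local == "result-document":
            findings.append(("result-document", data.get("href", "")))
        elif ns in ext_ns:
            findings.append(("extension-element", data.tag))
    return findings

# Constructed XSLT 2.0 stylesheet using both a secondary output and an extension element.
RISKY = b"""<xsl:stylesheet version="2.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:ext="http://example.org/hypothetical-extension"
    extension-element-prefixes="ext">
  <xsl:template match="/">
    <xsl:result-document href="file:///tmp/constructed-example.txt">
      <xsl:text>x</xsl:text>
    </xsl:result-document>
    <ext:write file="out.txt"/>
  </xsl:template>
</xsl:stylesheet>"""

# Constructed XSLT 1.0 stylesheet that only builds a result tree.
SAFE = b"""<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><out><xsl:value-of select="/*"/></out></xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for name, doc in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(name, find_write_risks(doc))
```

A clean result here does not remove the need to run the transformation with the privileges of an untrusted party, as the section under discussion recommends.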
