I second this, so if you have time Jeremy, I'd just go do it. The sooner we get a complete WD of the test-suite the better, and the security component is rather crucial.

> Here are my thoughts about security tests.
>
> a) have section of test document with them in
> b) have a test class test:SecurityTest
> c) do not provide instructions for running security tests
>
> d) have the following para in the section of the test document.
>
> [[
> The following security tests are provided for implementers to
> adapt and use for their implementation.
> Security issues are usually system specific, and as is shown
> in test TODO, it may be possible for a malicious party to access
> XSLT version and vendor information concerning a specific GRDDL
> agent instance.
> These tests were developed during the development of the Jena
> GRDDL Reader which uses the Saxon8.8 XSLT processor. They hence
> illustrate how a malicious party may try to abuse features
> of such an implementation.
> We do not provide instructions as to how to test your system
> against these tests, since they are likely to be not directly
> applicable.
> Developers of GRDDL aware agents are encouraged to understand
> these tests, and consider how their own systems may have
> potential security weaknesses.
> ]]
>
> e) include the six Jena tests (which I can donate to W3C)
>
> Jeremy

--
-harry

Harry Halpin, University of Edinburgh
http://www.ibiblio.org/hhalpin 6B522426

Received on Friday, 23 March 2007 19:15:10 GMT