W3C home > Mailing lists > Public > public-qa-dev@w3.org > December 2004

Re: [CSSVal] ports not allowed

From: olivier Thereaux <ot@w3.org>
Date: Wed, 29 Dec 2004 10:22:39 +0900
Message-Id: <213B721E-5938-11D9-BE88-000A95E54002@w3.org>
To: QA Dev <public-qa-dev@w3.org>

On Dec 16, 2004, at 15:47, Terje Bless wrote:
>> The CSS validator currently refuses to query ports < 1024 other than 
>> 80,

> It is actively wrong. There are no restrictions on which ports can 
> provide
> HTTP service, and ports <1024 are «well known» not “reserved” (and, 
> notably,
> their allocations change over time).

After giving this topic a bit more thought, I think the purpose (not 
providing a DDOS tool for cheap) is noble, but the measure in itself 
makes as much sense as worrying about people bringing spoons into a 
forest because they might use them to cut trees.

They *might*, just as people *might* find a way to use HTTP requests to 
hack non-HTTP services...


The part to amend seems to be around
org/w3c/css/util/HTTPURL.java:      if (((port < 1024) && (port != 80) 
&& (port > 0))

There is also
html/parser/Parser.properties:firewallPort=80
which probably is for something else.

-- 
olivier

Received on Wednesday, 29 December 2004 01:22:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 August 2010 18:12:45 GMT