Re: Security Concerns section added to Query_by_reference

From: Steve Harris <steve.harris@garlik.com>
Date: Thu, 16 Apr 2009 14:04:15 +0100
Cc: public-rdf-dawg@w3.org
Message-Id: <722BAD74-703E-46DA-BAF4-660236A2BE58@garlik.com>
To: Kjetil Kjernsmo <Kjetil.Kjernsmo@computas.com>

On 16 Apr 2009, at 13:54, Kjetil Kjernsmo wrote:

> On Tuesday 07 April 2009 15:35:56 Gregory Williams wrote:
>> The underlying problem here seems to
>> me to be the existence of a HTTP GET operation that is deleting data,
>
> ...and quite frankly, if someone lets a HTTP GET alter significant data on the
> server, then they deserve to have all their data deleted :-P I think that's
> widely known as extremely dangerous to do, the first bot to come along would
> wreak havoc.

Well, that was just an example. It doesn't alter the concern that  
letting external services trigger GET requests from inside a firewall  
is a bad idea in general.

It's still pretty easy to cause hard-to-trace DOS attacks and other  
problems.

- Steve

-- 
Steve Harris
Garlik Limited, 2 Sheen Road, Richmond, TW9 1AE, UK
+44(0)20 8973 2465  http://www.garlik.com/
Registered in England and Wales 535 7233 VAT # 849 0517 11
Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10 9AD
Received on Thursday, 16 April 2009 13:04:52 GMT
