W3C home > Mailing lists > Public > public-wsc-wg@w3.org > November 2007

Re: ACTION-332 OPEN Elaborate on ISSUE-3 Stephen Farrell 2007-11-13

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Mon, 26 Nov 2007 17:51:33 +0000
Message-ID: <474B07A5.8010505@cs.tcd.ie>
To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
CC: public-wsc-wg@w3c.org


So, I'm to elaborate on this issue, which relates to whether
or not we should do something about potential XPath/XQuery
type vulnerabilities.

The original mail I sent [1] (a year and a day ago:-)
Two descriptions of relevant vulnerabilities [2,3]

I could imagine this resulting in some new text for section 8.3 [4]
or section 9 [5] of wsc-xit.

I don't have text to offer for that however.

Stephen.

[1] http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0025.html
[2] 
http://www.spidynamics.com/spilabs/education/articles/code-injection.html
[3] http://palisade.plynt.com/issues/2005Jul/xpath-injection/
[4] http://www.w3.org/2006/WSC/drafts/rec/#robustness-apis
[5] http://www.w3.org/2006/WSC/drafts/rec/#authoringAndDeployment


Mary Ellen Zurko wrote:
> 
> If you don't manage the due date of the action item so that it's not 
> overdue, it will be close due to inactivity.
> 
>           Mez
> 
> Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
> Lotus/WPLC Security Strategy and Patent Innovation Architect
> 
> 
> 
> From:	Mary Ellen Zurko/Westford/IBM
> To:	stephen.farrell@cs.tcd.ie
> Date:	11/16/2007 08:33 AM
> Subject:	ACTION-332 OPEN Elaborate on ISSUE-3 Stephen Farrell 2007-11-13
> 
> 
> ------------------------------------------------------------------------
> 
> 
> Please complete this action item asap. If you won't be able to in the 
> next couple of days, please update it with a date that you will actually 
> make.
> 
> _ACTION-332_ <http://www.w3.org/2006/WSC/track/actions/332>	OPEN 
> _Elaborate on ISSUE-3_ <http://www.w3.org/2006/WSC/track/actions/332> 
> Stephen Farrell	2007-11-13
> 
> 
> 
> 
>           Mez
> 
> Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
> Lotus/WPLC Security Strategy and Patent Innovation Architect
> 
> 
> 
Received on Monday, 26 November 2007 17:51:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:53 GMT