
[Bug 184] Clarifications requested for section 19.8 on hosting malicious content

From: <bugzilla@soe.ucsc.edu>
Date: Fri, 27 Jan 2006 11:33:10 -0800
Message-Id: <200601271933.k0RJXA9T011146@ietf.cse.ucsc.edu>
To: w3c-dist-auth@w3.org

http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=184

fluffy@cisco.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|fluffy@cisco.com            |lisa@osafoundation.org
             Status|ASSIGNED                    |NEW



------- Additional Comments From fluffy@cisco.com  2006-01-27 11:33 -------

I'm proposing replacing the whole section 19.8. I'm not married to any of this text, and feel free to
reorganize, fix grammar, etc., but I was thinking of something along the lines of:


19.8 Hosting malicious scripts executed on client machines

HTTP has the ability to host programs which are executed on client machines. These programs can take
many forms including web scripts, executables, plug-in modules, and macros in documents. WebDAV
does not change any of the security concerns around these programs, yet often WebDAV is used in
contexts where a wide range of users can publish documents on a server. The server might not have a
close trust relationship with the author that is publishing the document. Servers that allow clients to
publish arbitrary content need to consider additional precautions to check that content published to the
server is not harmful to other clients. Servers could do this by techniques such as restricting the types
of content that are allowed to be published and running virus and malware detection software on
published content. Servers can also mitigate the risk by having appropriate access restriction and
authentication of users that are allowed to publish content to the server.

Received on Friday, 27 January 2006 19:33:46 GMT
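
One way a server could apply the precautions the proposed 19.8 text lists (authenticated publishers, restricted content types, malware scanning) when handling a PUT. This is an added example, not part of the original message or of any WebDAV server; `PutRequest`, `check_publish`, the allowlist and the `scan` hook are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Assumption: media types this deployment lets users publish, mapped to the
# leading bytes the body must carry (None = no fixed signature).
ALLOWED_TYPES = {
    "text/plain": None,
    "image/png": b"\x89PNG\r\n\x1a\n",
    "application/pdf": b"%PDF-",
}
# Leading bytes of content that executes on the client: PE, ELF, script shebang.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"#!")
# Markup that browsers may render as active content even when labelled text.
SCRIPT_MARKERS = (b"<script", b"<html", b"<iframe")

@dataclass
class PutRequest:          # hypothetical view of one WebDAV PUT
    user: Optional[str]    # None when the request was not authenticated
    content_type: str
    body: bytes

def check_publish(req: PutRequest, publishers: set,
                  scan: Callable[[bytes], bool] = lambda body: True):
    """Return (allowed, reason). `scan` stands in for a malware scanner."""
    if req.user is None:
        return False, "unauthenticated"
    if req.user not in publishers:
        return False, "user may not publish"
    media = req.content_type.split(";", 1)[0].strip().lower()
    if media not in ALLOWED_TYPES:
        return False, "type not allowed"
    if req.body.startswith(EXECUTABLE_MAGIC):
        return False, "executable content"
    magic = ALLOWED_TYPES[media]
    if magic is not None and not req.body.startswith(magic):
        return False, "body does not match declared type"
    if magic is None and any(m in req.body[:4096].lower() for m in SCRIPT_MARKERS):
        return False, "active content in text"
    if not scan(req.body):
        return False, "scanner rejected"
    return True, "ok"

if __name__ == "__main__":
    publishers = {"alice"}  # constructed sample data
    samples = [
        PutRequest("alice", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        PutRequest("alice", "image/png", b"MZ\x90\x00"),
        PutRequest("alice", "text/plain; charset=utf-8", b"<SCRIPT>x()</SCRIPT>"),
        PutRequest(None, "text/plain", b"hello"),
    ]
    for s in samples:
        print(s.user, s.content_type, check_publish(s, publishers))
```

The checks run in order of cost: identity first, then the declared type, then the body, with the scanner last.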
