- From: <bugzilla@soe.ucsc.edu>
- Date: Fri, 27 Jan 2006 11:33:10 -0800
- To: w3c-dist-auth@w3.org
http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=184
fluffy@cisco.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|fluffy@cisco.com            |lisa@osafoundation.org
             Status|ASSIGNED                    |NEW

------- Additional Comments From fluffy@cisco.com 2006-01-27 11:33 -------
I'm proposing replacing the whole section 19.8. I'm not married to any of this text and feel free to
reorganize, fix grammar, etc., but I was thinking of something along the lines of:

19.8 Hosting malicious scripts executed on client machines

HTTP has the ability to host programs which are executed on client machines. These programs can take
many forms including web scripts, executables, plug-in modules, and macros in documents. WebDAV
does not change any of the security concerns around these programs, yet often WebDAV is used in
contexts where a wide range of users can publish documents on a server. The server might not have a
close trust relationship with the author that is publishing the document. Servers that allow clients to
publish arbitrary content need to consider additional precautions to check that content published to the
server is not harmful to other clients. Servers could do this by techniques such as restricting the types
of content that are allowed to be published and running virus and malware detection software on
published content. Servers can also mitigate the risk by having appropriate access restriction and
authentication of users that are allowed to publish content to the server.
Received on Friday, 27 January 2006 19:33:46 UTC
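
The "restricting the types of content" precaution in the proposed 19.8 text, sketched as a check a
server could run on a PUT body before storing it. This is an added example, not part of the original
message or of any WebDAV server; the allowlist, the signature tables and the check_put name are
assumptions chosen for illustration.

```python
"""Upload policy check for a WebDAV PUT handler (illustrative policy)."""

# Assumed policy: media types the server agrees to store, with the
# leading bytes each must start with (None = no fixed signature).
ALLOWED = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "application/pdf": b"%PDF-",
    "text/plain": None,
}

# Leading bytes of content that can execute on a client; refused
# whatever Content-Type the publisher declared.
ACTIVE_SIGNATURES = {
    b"MZ": "Windows executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with interpreter line",
    b"\xd0\xcf\x11\xe0": "OLE2 document (may carry macros)",
}

# Markup that a browser could render if the text is later sniffed as HTML.
ACTIVE_MARKERS = (b"<script", b"<html", b"<svg", b"<?php")


def check_put(declared_type, body):
    """Return (http_status, reason) for a PUT body; 201 means store it."""
    media_type = declared_type.split(";", 1)[0].strip().lower()
    if media_type not in ALLOWED:
        return 415, f"type {media_type!r} not allowed for publishing"
    for magic, label in ACTIVE_SIGNATURES.items():
        if body.startswith(magic):
            return 415, f"body is a {label}"
    expected = ALLOWED[media_type]
    if expected is not None and not body.startswith(expected):
        return 415, "body does not match declared type"
    if expected is None:
        # Conservative: plain text that merely quotes markup is refused too.
        if any(m in body[:4096].lower() for m in ACTIVE_MARKERS):
            return 415, "text upload contains markup or script"
        try:
            body.decode("utf-8")
        except UnicodeDecodeError:
            return 415, "text upload is not valid UTF-8"
    return 201, "accepted; queue for malware scan"
```

A type check of this kind only narrows what reaches the store; the malware scanning and publisher
authentication named in the proposed text still apply to whatever it accepts.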