Re: SVG 1.2 Comment: B.2.3 Socket Connections

From: Peter Sorotokin <psorotok@adobe.com>
Date: Mon, 01 Nov 2004 10:14:47 -0800
To: Ian Hickson <ian@hixie.ch>, www-svg@w3.org
Cc: Håkon Wium Lie <howcome@opera.com>
Message-id: <5.2.0.9.2.20041101101322.055b27f0@mailsj-v1.corp.adobe.com>

At 08:45 AM 10/31/2004 +0000, Ian Hickson wrote:
> > B.2.3 Socket Connections
>
>This section is incomplete (the semantics of the interface's members
>are not defined).
>
>Allowing arbitrary socket connections is either very dangerous, or of
>limited use, depending on the security restrictions. If it is allowed
>for any host, it can be used for sending spam. If it is allowed only
>for the originating host, it can be used to perform attacks from HTTP
>ports to HTTPS ports (as noted in the previous section).

Please explain how exactly an attack from HTTP to HTTPS can be done with the
socket interface.

Peter

>  If it is
>restricted to the originating port, then it is no more powerful than
>the previous section, and significantly harder to use.
Received on Monday, 1 November 2004 18:14:55 UTC