- From: Tim Bray <tbray@textuality.com>
- Date: Mon, 23 Jun 2003 12:58:29 -0700
- To: WWW-Tag <www-tag@w3.org>
We're working on the contentEoverride-24 finding, and it has been
suggested that there are security implications in the case where a web
agent decides to ignore the media-type the server sent and decides to
handle the incoming data in some other fashion based on, for example,
peeking inside the data and guessing what it is.

Whereas this is easy to believe, we'd like to see a specific scenario or
two showing how nefarious action or erroneous practice could lead to a
security breach.

(Note that there are other reasons why this is a bad thing too; we're
just focusing on the security issue here.)
--
Cheers, Tim Bray
(ongoing fragmented essay: http://www.tbray.org/ongoing/)
Received on Monday, 23 June 2003 15:58:30 UTC