- From: Breno de Medeiros <breno@google.com>
- Date: Wed, 11 Feb 2009 16:40:30 -0800
- To: Adam Barth <w3c@adambarth.com>
- Cc: Eran Hammer-Lahav <eran@hueniverse.com>, "www-talk@w3.org" <www-talk@w3.org>
Received on Thursday, 12 February 2009 00:41:08 UTC
On Wed, Feb 11, 2009 at 4:38 PM, Adam Barth <w3c@adambarth.com> wrote:

> On Wed, Feb 11, 2009 at 4:00 PM, Breno de Medeiros <breno@google.com> wrote:
> > All of the above systems target browsers and none have the usage
> > requirements of the proposed spec.
>
> The point is there are enough HTTP servers on the Internet that let
> users upload content in this way that these vendors have added strict
> Content-Type processing to their metadata mechanisms. If you don't
> even warn consumers of your spec about these threats, those folks will
> build applications on top of host-meta that make these servers
> vulnerable to attack.

Yes, but your solution prevents legitimate use cases that are a higher value proposition.

>
> Adam
>

--
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)