- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 3 Apr 2008 01:14:42 +0000 (UTC)
- To: "Close, Tyler J." <tyler.close@hp.com>
- Cc: "Web API WG (public)" <public-webapi@w3.org>, "public-appformats@w3.org" <public-appformats@w3.org>
On Thu, 3 Apr 2008, Close, Tyler J. wrote: > Maciej Stachowiak wrote: > > > > Can you please post these examples again, or pointers to where you > > posted them? I believe they have not been previously seen on the Web > > API list. > > I've written several messages to the appformats mailing list. I suggest > reading all of them. The most detailed description of the attacks are in > the message at: > > http://www.w3.org/mid/C7B67062D31B9E459128006BAAD0DC3D074F8B6507@G6W0269.americas.hpqcorp.net > > with a correction at: > > http://www.w3.org/mid/C7B67062D31B9E459128006BAAD0DC3D074F8B650D@G6W0269.americas.hpqcorp.net As noted here: http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0138.html ...these are not problems with the Access Control and XXX specs. XDR is just as susceptible to these problems. The above e-mail also describes ways to mitigate these problems. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 3 April 2008 01:16:16 UTC