- From: Yosi Scharf <syosi@MIT.EDU>
- Date: Sat, 22 Mar 2008 15:28:14 +0700
- To: public-cwm-announce@w3.org
Not forget the following things: Be careful when using rules from an untrusted source. * Rules can read data from the web, indirectly letting data out by the URIs they use. * Rules can take up your resources such as processor time and memory. * Rules can pick data up from within the web (i.E. http://www.community-statistics.org ) you have access to, including confidential files. Be carfeul even when using cryptography. I am not an expert but a few things to watch are: * Allways think where the weakest link is. It is not always on the net. * Where do you keep the private key, anyway? * Beware of all forms of attack, including replay and man in the middle. * Always sign some random junk (i.E. http://www.school-statistics.org ) as well as the critical data to prevent the reverse engineering of the key. * Ask a crypto specialist to look over your stuff * Make the techniques, rules, code. public. Public debugging is valuable. Trying to hide it from attackers by keeping it secret doesn't pay. * This code is not guaranteed anyway, or made for production use. It is designed for prototyping new semantic web applications. Use at your own risk.
Received on Saturday, 22 March 2008 08:29:04 UTC