Re: Checking Recursion from Terje Bless on 2005-02-05 (public-qa-dev@w3.org from February 2005)

From: Terje Bless <link@pobox.com>
Date: Sun, 6 Feb 2005 00:17:16 +0100
To: QA Dev <public-qa-dev@w3.org>
Message-ID: <b02010503-1037-1359722C77CC11D9B94E000D9348908C@[193.157.66.142]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bjoern Hoehrmann <derhoermi@gmx.net> wrote:

>>>[…] we should rather check the URL of the target […]
>>Too many pitfalls to implement reliably, alas. That's what I started
>>out with, but ended up rejecting it for this method.
>
>Maybe you can elaborate on this? Is this an implementation issue or do
>you think about some edge cases like two validator implementations that
>validate each other?

Well, there are certainly the edge cases, but mainly it's a question of
recognizing when we're looking at an URL to ourselves; including all the
various ways “we” can be referred to.

I couldn't come up with any good way to do that more or less reliably, hence
the current implementation. I'm not even sure the current code works to
satisfaction; it was just the best I could come up with.

But don't get me wrong; I'm not looking for the theoretical perfect
implementation, just something to discourage casual abuse.

>Well, one of the very first things you'd do to check your installation
>would be to click on the Valid Foo badge on the homepage (or on the
>results page for your first validation result).

I'm not sure I agree with that, but…

>Allowing limited recursion is about as dangerous as allowing untrusted
>parties to use it in the first place.

…there is that, I suppose.

Would everyone with an opinion please chime in with a number please?

  Default Config: ? (is 0 now)
        v.w3.org: ?

Perhaps the logic should be: a positive integer means to limit recursion to
that depth, and 0 means to allow infinite recursion?

Or, possibly, we shouldn't even have a config option for this; it should check
itself, but not allow further recursion at all.

- -- 
"It's not the mere technical details of inserting the live round into the
 chamber, pointing the weapon at one's foot, and pulling the trigger, but
 rather, it's about the advisability of doing that in the first place."
                                             -- "Alan J. Flavell" on ciwah

-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 3.2.2

iQA/AwUBQgVT+6PyPrIkdfXsEQKBfQCffvI4V0/83lmAlOz8J9PoeRisG0sAoNiz
aptq2lhjf2Jd/yCcbkeTq8xs
=RGMH
-----END PGP SIGNATURE-----

Received on Saturday, 5 February 2005 23:17:20 UTC