W3C home > Mailing lists > Public > public-rdf-dawg@w3.org > April to June 2009

Re: Security Concerns section added to Query_by_reference

From: Kjetil Kjernsmo <Kjetil.Kjernsmo@computas.com>
Date: Thu, 16 Apr 2009 16:32:13 +0200
To: public-rdf-dawg@w3.org
Message-Id: <200904161632.13267.Kjetil.Kjernsmo@computas.com>
On Thursday 16 April 2009 15:04:15 Steve Harris wrote:
> Well, that was just an example. It doesn't alter the concern that  
> letting external services trigger GET requests from inside a firewall  
> is a bad idea in general.

That's true, but it was a bad example. :-) The main concern, I think, is that 
it makes it harder to configure the infrastructure to distinguish an 
unprivileged external user and a privileged internal user.

We could make it an optional feature, where the server may send a 403 if it 
doesn't support it.

Then the server admin may decide if they want to accept the risks.

Kind regards 

Kjetil Kjernsmo
Senior Knowledge Engineer
Mobile: +47 986 48 234
Email: kjetil.kjernsmo@computas.com   
Web: http://www.computas.com/


Computas AS  PO Box 482, N-1327 Lysaker | Phone:+47 6783 1000 | Fax:+47 6783 
Received on Thursday, 16 April 2009 14:32:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:00:54 UTC