- From: olivier Thereaux <ot@w3.org>
- Date: Mon, 10 Apr 2006 10:23:08 +0900
- To: Andy Fentem <LA-Fentem@wiu.edu>
- Cc: site-comments@w3.org, Ian B.Jacobs <ij@w3.org>
Hello Andy, Thank you for your enquiry regarding our validation services. If I understand your questions correctly, you are worried about the security of validation for non-public pages. As you probably noticed already, the validator can indeed check protected pages, by asking you for the necessary user and password information, which allows it to retrieve (and validate) the protected resources. I understand that you may be wondering about thhe safety of the password and protected resources once sent to the validator: I can assure you that the validator server is maintained with utmost care regarding security and privacy, and that sensible information received by the validator is neither shared nor at risk of being leaked. That said, when you validate protected resources, just as when you access them with a browser from the internet, the password and page are sent "in the clear", and there is a risk (tiny, however), that people may be "sniffing" your network. Of course, this is neither something you can control, nor us, and the only way to avoid this is to only ever access password-protected resources from inside your university's network, where the risk of sniffing is probably lower. If you wish to do that, you could have an instance of the validator installed on a server on your network (it's fairly easy to install on almost any Web Server): http://validator.w3.org/docs/install.html I hope this answers your questions. If not, feel free to contact me for further clarifications. olivier -- olivier Thereaux - W3C - http://www.w3.org/People/olivier/ W3C Open Source Software: http://www.w3.org/Status
Received on Monday, 10 April 2006 01:23:23 UTC