W3C home > Mailing lists > Public > uri@w3.org > January 1997

Re: mailto security and semantics

From: Roy T. Fielding <fielding@liege.ICS.UCI.EDU>
Date: Mon, 13 Jan 1997 17:02:47 -0800
To: Larry Masinter <masinter@parc.xerox.com>
Cc: uri@bunyip.com
Message-Id: <9701131702.aa10516@paris.ics.uci.edu>
> # It might help to include some rationale as to why the unsafe headers
> # might be dangerous, or include a reference to a document with such
> # discussion.
> The exposure for 'mailto' is actually not very high: "unintended
> mail". I think the main safeguard is "Don't include any header you
> don't recognize without a strong warning, and never send anything
> without explicit confirmation".

It's a little more than that -- the really unsafe headers are those
that cause local file import or write actions to take place before
the message is sent.  Likewise, if the body is allowed to be given
within the URL, then you also need to be concerned about file and
shell command escape-codes in the body text.  Unfortunately, these
things are completely application dependent, so I'd agree that the
best we can do is simply list the possible problems in the security
section, along with the safeguard mentioned above.

Received on Monday, 13 January 1997 20:22:53 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 10 October 2021 22:17:33 UTC