- From: Roy T. Fielding <fielding@liege.ICS.UCI.EDU>
- Date: Mon, 13 Jan 1997 17:02:47 -0800
- To: Larry Masinter <masinter@parc.xerox.com>
- Cc: uri@bunyip.com
> # It might help to include some rationale as to why the unsafe headers > # might be dangerous, or include a reference to a document with such > # discussion. > > The exposure for 'mailto' is actually not very high: "unintended > mail". I think the main safeguard is "Don't include any header you > don't recognize without a strong warning, and never send anything > without explicit confirmation". It's a little more than that -- the really unsafe headers are those that cause local file import or write actions to take place before the message is sent. Likewise, if the body is allowed to be given within the URL, then you also need to be concerned about file and shell command escape-codes in the body text. Unfortunately, these things are completely application dependent, so I'd agree that the best we can do is simply list the possible problems in the security section, along with the safeguard mentioned above. .....Roy
Received on Monday, 13 January 1997 20:22:53 UTC