- From: Jim Whitehead <ejw@soe.ucsc.edu>
- Date: Mon, 26 Sep 2005 12:50:15 -0700
- To: WebDav <w3c-dist-auth@w3.org>
- Message-Id: <E8EA8F4D-B1B1-4FE4-A881-057CFD6D25C1@cs.ucsc.edu>
> Funny enough, supporting the Webfolder client actually was an
> afterthought, and both other current client implementations fall
> into the filesystem category.
>
> And, as a matter of fact, both implementors asked for the ability
> to also <open> files, so that they can be directly edited.
>
> The problem here is a security risk, mentioned in
> <http://greenbytes.de/tech/webdav/draft-reschke-webdav-mount-latest.html#security.considerations>:
> if a client just maps the WebDAV server to a filesystem, and
> translates <open> requests into whatever the system's shell does on
> double-click, this introduces a huge security hole: a malevolent
> could simply send a <open> request for an executable file, and the
> client would then potentially open (= execute) it without any
> additional confirmation by the user.
>
> I'm not saying that this issue can't be dealt with, but at this
> stage I preferred to err on the side of security. If people feel
> the spec should allow <open> on non-collection, please try to come
> up with a spec text that can address this concern.

I dunno -- it doesn't seem reasonable that the default mapping of GET to an executable resource would be to execute a binary. For example, this isn't the case with Apache.

- Jim

Received on Monday, 26 September 2005 19:50:30 UTC