- From: Thomas DeWeese <Thomas.DeWeese@Kodak.com>
- Date: Mon, 18 Aug 2003 13:22:25 -0400
- To: Robin Berjon <robin.berjon@expway.fr>
- CC: "Fred P." <fprog26@hotmail.com>, www-svg@w3.org
Robin Berjon wrote:

> Fred P. wrote:
>
>> I agree with you on such point,
>> you don't want to create a new trend of virus/trojan/worm
>> to be ECMAScript/JavaScript based instead of VBA scripts!
>> Don't redo Microsoft Designer mistakes! =)
>
> Providing the ability to open sockets does not open such security issues
> as Randy or you describe. It takes opening more than that to get
> something as insecure as Outlook.

Don't be so sure. It is quite common for socket requests from a 'secure' set of hosts to be treated differently from socket requests from other 'outside' hosts. If an SVG application can open arbitrary sockets from a machine it means that among other possibilities the machine can almost certainly be used as an 'open mail relay' (just open a connection to port 25 on the associated mail server), downloading of internal corporate web sites, many environments would allow rlogin from a 'trusted' host given an appropriate login with no password. Perhaps these are not as bad as 'Outlook' but they would be more than enough to ban SVG from every corporate network that had an IT department that knew anything.

The Java Sandbox permissions are the way they are for very good reasons (connect back only to the server you came from) - lots of people have looked at them and I believe they have been made as permissive as possible without involving a knowledgeable person (and often the person at the computer can't be counted on to be knowledgeable - remember most Outlook Trojan horses/viruses require user action! :)

Please be very careful here!!!

>> That would be a really awful way of dealing with the problem.
>> Like Randy says, I don't want a user to be prompted 2000 times by a
>> SVG/JavaScript connection hook
>> inside an HTML document with embedded SVG to force him to connect to
>> something he really doesn't want,
>> like some damn ActiveX webpage that does all sorts of nasty things.
>
> But that bears no relationship. If one wishes to use an IRC client
> written in SVG, they'll be prompted once for each network they use,
> which if they use it often is really not much, certainly not the
> nightmarish thing you describe. We're talking about SVG, not IE. No
> nasty ActiveX or whatever.

It concerns me that you seem to consider this such a minor issue. Honestly, one small misstep here can very effectively kill SVG.

>> Talking to a Server via SOAP/XML-RPC looks more natural.
>
> IRC over SOAP would not be natural at all. And if the discussion got
> just a little excited, you'd have to wait to the heat death of the
> universe before you'd get all the messages!

I agree that a highly restrictive set of protocols is probably bad, but one must also remember that in a web context you are often restricted to HTTP as many corporate firewalls will block anything else. This doesn't mean that you shouldn't offer anything else, but it does mean that HTTP and HTTP based protocols deserve extra attention.
Received on Monday, 18 August 2003 13:23:45 UTC
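
The "connect back only to the server you came from" rule discussed in the message above, sketched as a policy check a viewer could run before opening a socket for script content. This is an added example, not part of the original message or of any SVG implementation; `mayConnect`, `normaliseHost`, the host names and the choice to leave the port unrestricted are assumptions made for illustration.

```javascript
// Added example: origin-restricted socket policy (all names hypothetical).

// Normalise a host name for comparison: lower-case, drop one trailing dot.
function normaliseHost(host) {
  return String(host).trim().toLowerCase().replace(/\.$/, "");
}

// Decide whether content loaded from documentUrl may open a socket to
// targetHost:targetPort. Only the host that served the document is allowed.
// Assumption: any port on that host is acceptable.
function mayConnect(documentUrl, targetHost, targetPort) {
  let origin;
  try {
    origin = new URL(documentUrl);
  } catch (e) {
    return { allow: false, reason: "unparseable document URL" };
  }
  // Content from file: or data: has no server to connect back to.
  if (origin.protocol !== "http:" && origin.protocol !== "https:") {
    return { allow: false, reason: "document has no network origin" };
  }
  const port = Number(targetPort);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    return { allow: false, reason: "invalid port" };
  }
  if (normaliseHost(targetHost) !== normaliseHost(origin.hostname)) {
    return { allow: false, reason: "target is not the origin host" };
  }
  return { allow: true, reason: "connect-back to origin host" };
}

// Constructed requests from a document served by svg.example.org.
const DOC = "http://svg.example.org/chat.svg";
const REQUESTS = [
  ["svg.example.org", 6667],       // chat service on the origin host
  ["SVG.Example.ORG.", 6667],      // same host, different spelling
  ["mail.corp.example", 25],       // internal mail server (relay case)
  ["intranet.corp.example", 80],   // internal web site
  ["trusted.corp.example", 513],   // rlogin from a 'trusted' host
];

// Returns one allow/deny decision per constructed request.
function evaluateAll() {
  return REQUESTS.map(([host, port]) => mayConnect(DOC, host, port).allow);
}

console.log(evaluateAll());
```
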