- From: Robin Berjon <robin.berjon@expway.fr>
- Date: Mon, 18 Aug 2003 19:59:19 +0200
- To: Randy Nonay <randy.nonay@net-linx.com>
- Cc: www-svg@w3.org
Randy Nonay wrote: > This argument smacks of using logic in the form of "everything else is flawed, so > why should we bother to fix the error?". > > If you walked upto a bridge and saw 50 people jumping off, to certain death, would > you jump too?? > > The logic that allowing SVG to open up the same issues as Outlook, and not being > concerned about it makes it seem that the proper answer to the above question would > be "yes". I have to disagree... > > And "user training" to prevent the spread of a virus? Just take a look around at > how effective it has been in stopping all those worms that _require_ the user to > execute them to become infected... This is simply not a realistic solution. The > solution _must_ be in the form of making such an attack impossible through SVG, > rather than counting on the intelligence/wisdom of users. This is not what I have said. I think it is important to separate the real issues from the fake ones. Adding connection support does not open up the ability to write viruses, and it does not affect the ability to perform DDoS more than HTML+script does, something that hasn't happened. No, I am not satisfied with simpler "user training". I just wish this discussion to focus on the real security issues, as Thomas has done, rather than on frightening ones that are either not real in this situation or not new regarding what can currently be done in HTML within a browser. -- Robin Berjon <robin.berjon@expway.fr> Research Engineer, Expway http://expway.fr/ 7FC0 6F5F D864 EFB8 08CE 8E74 58E6 D5DB 4889 2488
Received on Monday, 18 August 2003 13:59:25 UTC