- From: Peter Sorotokin <psorotok@adobe.com>
- Date: Mon, 01 Nov 2004 10:14:47 -0800
- To: Ian Hickson <ian@hixie.ch>, www-svg@w3.org
- Cc: Håkon Wium Lie <howcome@opera.com>
At 08:45 AM 10/31/2004 +0000, Ian Hickson wrote: > > B.2.3 Socket Connections > >This section is incomplete (the semantics of the interface's members >are not defined). > >Allowing arbitrary socket connections is either very dangerous, or of >limited use, depending on the security restrictions. If it is allowed >for any host, it can be used for sending spam. If it is allowed only >for the originating host, it can be used to perform attacks from HTTP >ports to HTTPS ports (as noted in the previous section). Please explain how exactly attack from HTTP to HTTPS can be done with the socket interface. Peter > If it is >restricted to the originating port, then it is no more powerful than >the previous section, and significantly harder to use.
Received on Monday, 1 November 2004 18:14:55 UTC