Re: SVG 1.2 Comment: B.2.3 Socket Connections

At 08:45 AM 10/31/2004 +0000, Ian Hickson wrote:
> > B.2.3 Socket Connections
>
>This section is incomplete (the semantics of the interface's members
>are not defined).
>
>Allowing arbitrary socket connections is either very dangerous, or of
>limited use, depending on the security restrictions. If it is allowed
>for any host, it can be used for sending spam. If it is allowed only
>for the originating host, it can be used to perform attacks from HTTP
>ports to HTTPS ports (as noted in the previous section).

Please explain how exactly an attack from HTTP to HTTPS can be done with the
socket interface.

Peter

>  If it is
>restricted to the originating port, then it is no more powerful than
>the previous section, and significantly harder to use.

Received on Monday, 1 November 2004 18:14:55 UTC