- From: David Dorward <david@dorward.me.uk>
- Date: Mon, 14 Mar 2005 16:29:22 +0000
- To: Peter Schilleman <peter@schilleman.demon.nl>
- Cc: www-validator@w3.org
On Mon, Mar 14, 2005 at 02:25:56AM +0100, Peter Schilleman wrote: > Sorry, the IP address 127.0.0.1 is not public. For security reasons, > validating resources located at non-public IP addresses has been > disabled in this service. > > This is not quite the situation, because it's technically impossible to > serve from there! Actually, it isn't. In effect this is asking the validator to get a document from its own webserver and validate that (although that might not be what the user intends). This, combined with view source, would allow anybody access to documents intended for internal use (assuming they existed and were on the first virtual host for the server) - so it is a security issue.. -- David Dorward http://dorward.me.uk
Received on Monday, 14 March 2005 16:29:24 UTC