Re: small text change?

On Mon, Mar 14, 2005 at 02:25:56AM +0100, Peter Schilleman wrote:

> Sorry, the IP address 127.0.0.1 is not public. For security reasons, 
> validating resources located at non-public IP addresses has been 
> disabled in this service.
> 
> This is not quite the situation, because it's technically impossible to 
> serve from there!

Actually, it isn't. In effect this is asking the validator to get a
document from its own webserver and validate that (although that might
not be what the user intends). This, combined with view source, would
allow anybody access to documents intended for internal use (assuming
they existed and were on the first virtual host for the server) - so
it is a security issue..

-- 
David Dorward                                      http://dorward.me.uk

Received on Monday, 14 March 2005 16:29:24 UTC