Lists Home |
Date Index |
Tim Bray assured us on the www-tag list that
the namespace UR:/URI in no way is a security issue
and cited his experience with security agencies
of the US Government. I gotta believe they
thought about this. In effect, the protocol
designer has to specify what is to be done
via automagic dereferencing as URIs are always
From: Miles Sabin [mailto:email@example.com]
Simon St.Laurent wrote,
> So is RDDL now a security risk?
Potentially ... yes.
How many times have we discussed the external entity thing on this list
now? Any of the issues with them apply equally here.
And in fact David Megginson warned about the dangers of automagically
dereferencing namespace URIs long before RDDL came along,