Lists Home |
Date Index |
Miles Sabin wrote:
> Tim Bray wrote,
> >Note that dereferencing a URI via GET is in principle and as far as I
> >can tell in practice safe, assuming you protect against
> >infinitely-large resource representations.
> That simply isn't true.
Gimme a break. Sitting on your front step isn't safe if you put a
plastic bag over your head and then bang your head repeatedly on the
railing. Dereferencing a URI involves opening a network connection,
sending off the URI, and getting back some MIME headers and a bag of
bits. Few operations in the computing infrastructure are safer.
Trying to pretend there's danger here obscures the real and serious
problems that arise when you start acting based on what you get without
knowing what you're doing. -Tim