[
Lists Home |
Date Index |
Thread Index
]
Depends on how you typically dereference URIs. If you use wget then pipe your results through less then you're right that it is in practice mostly safe. However if you use a modern browser then dereferencing random URIs is probably one of the unsafest activities on the InterWeb.
-----Original Message-----
From: Tim Bray [mailto:tbray@textuality.com]
Sent: Sat 11/23/2002 10:02 AM
To: Miles Sabin
Cc: XML Dev
Subject: Re: [xml-dev] Excellent IETF BCP on XML
Miles Sabin wrote:
> Tim Bray wrote,
>
> >Note that dereferencing a URI via GET is in principle and as far as I
> >can tell in practice safe, assuming you protect against
> >infinitely-large resource representations.
>
> That simply isn't true.
Gimme a break. Sitting on your front step isn't safe if you put a
plastic bag over your head and then bang your head repeatedly on the
railing. Dereferencing a URI involves opening a network connection,
sending off the URI, and getting back some MIME headers and a bag of
bits. Few operations in the computing infrastructure are safer.
Trying to pretend there's danger here obscures the real and serious
problems that arise when you start acting based on what you get without
knowing what you're doing. -Tim
-----------------------------------------------------------------
The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
initiative of OASIS <http://www.oasis-open.org>
The list archives are at http://lists.xml.org/archives/xml-dev/
To subscribe or unsubscribe from this list use the subscription
manager: <http://lists.xml.org/ob/adm.pl>
|