OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

Depends on how you typically dereference URIs. If you use wget then pipe your results through less then you're right that it is in practice mostly safe. However if you use a modern browser then dereferencing random URIs is probably one of the unsafest activities on the InterWeb. 

	-----Original Message----- 
	From: Tim Bray [mailto:tbray@textuality.com] 
	Sent: Sat 11/23/2002 10:02 AM 
	To: Miles Sabin 
	Cc: XML Dev 
	Subject: Re: [xml-dev] Excellent IETF BCP on XML

	Miles Sabin wrote:
	> Tim Bray wrote,
	> >Note that dereferencing a URI via GET is in principle and as far as I
	> >can tell in practice safe, assuming you protect against
	> >infinitely-large resource representations.
	> That simply isn't true.
	Gimme a break.  Sitting on your front step isn't safe if you put a
	plastic bag over your head and then bang your head repeatedly on the
	railing.  Dereferencing a URI involves opening a network connection,
	sending off the URI, and getting back some MIME headers and a bag of
	bits.  Few operations in the computing infrastructure are safer.
	Trying to pretend there's danger here obscures the real and serious
	problems that arise when you start acting based on what you get without
	knowing what you're doing.  -Tim
	The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
	initiative of OASIS <http://www.oasis-open.org>
	The list archives are at http://lists.xml.org/archives/xml-dev/
	To subscribe or unsubscribe from this list use the subscription
	manager: <http://lists.xml.org/ob/adm.pl>


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS