Lists Home |
Date Index |
Miles Sabin wrote:
> But my point still stands. It isn't just clients executing retrieved
> "active" content that represents a risk: flaws in the clients
> implementation of the base protocol can be just as dangerous.
True, but true also of any other protocol all the way down to IP or
Ethernet. Let's just say that HTTP GET is as safe as it is possible for
a network operation to be.
> So how much do you trust the implementations of the network clients
> you use? Do you trust them enough to have a process feed them
> arbitrary URIs for dereferencing while left unattended?
Google and Alta Vista do, with no apparent ill effects.