OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] Wrapping Scripted Media in RSS: Secure?

[ Lists Home | Date Index | Thread Index ]

On 9/22/05, Bill Kearney <wkearney@syndic8.com> wrote:
> > > Indeed.  But new technologies, or new uses of existing tech, often
> > > present unforseeable risks. (ask me about
> > > beaming newton notes sometime!)
> > Yes! What about beaming newton notes?
>
> I once wrote an app that would send complex notes that had code attached to
> their elements.  
 
I spent a good chunk of my early career building mail systems, staring with mail systems for NetNorth (the Canadian end of Arpanet) then VM PROFS gateways to various system, then finally products that did MS Mail and Lotus Notes exchange with anything to anything (the later technology eventually made it's way into the first versions of MS Exchange Server). 
 
Every single mail system I worked on eventually gained the capability to exchange some kind of scripted content and/or the ability to run a large variety of embedded objects. I once spent an lunch hour with a gentleman from IBM giving him the sketch of what was needed for the PROFS "user exits" and six months later they showed up in the product. The demand for the capability was so great that it resulted in the shortest cycle from spec to implementation I've ever seen IBM complete.
 
It makes sense that any time you have a basic transport that is generally useful, people are going to want to use it to transport anything and everything.  Not acknowledging this up front and engineering for it will eventually result in your system being replaced by something that does what the users want. And yes, I do believe that applies to RSS, IM, etc....
 
<snip/>

> Live content, scripting and unintended consequences is nothing new.  Lack of
> effective sandboxing isn't either, sad to say.
 
Aye! If you're working in a sensitive environment you scan, sniff x-ray and maybe quarantine your physical mail. No reason you shouldn't expect to do the same for sensitive computer environments. 

--
Peter Hunsberger
 




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS