On Thu, 3 Apr 2008, Close, Tyler J. wrote:
> Maciej Stachowiak wrote:
> >
> > Can you please post these examples again, or pointers to where you
> > posted them? I believe they have not been previously seen on the Web
> > API list.
>
> I've written several messages to the appformats mailing list. I suggest
> reading all of them. The most detailed description of the attacks is in
> the message at:
>
>   http://www.w3.org/mid/[EMAIL PROTECTED]
>
> with a correction at:
>
>   http://www.w3.org/mid/[EMAIL PROTECTED]

As noted here:

   http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0138.html

...these are not problems with the Access Control and XXX specs. XDR is
just as susceptible to these problems. The above e-mail also describes
ways to mitigate these problems.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
