RE: [proposal] Doco

2003-10-27 Thread Robert Koberg


 -Original Message-
 From: Stefano Mazzocchi [mailto:[EMAIL PROTECTED]
 Sent: Monday, October 27, 2003 6:06 AM
 To: James Developers List
 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; lenya-
 [EMAIL PROTECTED]
 
 
 On Sunday, Oct 26, 2003, at 23:33 Europe/Rome, Noel J. Bergman wrote:
 
  He's not questioning whether it's encrypted.  His point is, doco sends
  an email to an address, and you respond.  It gives very little control,
  even if there is a compromise.
 
  AIUI, the proposed solution would allow anyone to edit content, and
  contribute it as a patch.  Content could include defacements, changes to
  .htaccess, and CGI scripts.
 
 nah, dude, look: doco has a very precise editing access point. You can
 *ONLY* modify xml content. So, changes to .htaccess, CGI scripts,
 servlet upload, sql injection, cross-site-scripting, and your next
 favorite attack will NOT work because the system prevents it by design
 [not saying it cannot happen, but if it does it's a bug, not a faulty
 design]

FWIW, I agree. Perhaps the submit goes to a well-formedness check (or even
better, schema/DTD validation?). If it fails, it doesn't even enter the
approval process. Perhaps a notification email is sent describing that an
invalid submittal was sent. The user is returned an error page saying the
post was rejected, in case it was just a mistake.

On another note, can images/PDFs/other-binaries be uploaded?

-Rob


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
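
The gate described in the message above (a well-formedness check before the approval process, an error page for the user, a notification about the invalid submittal), as an added example that is not part of the original thread or of doco's code. The element allow-list standing in for schema/DTD validation, the size cap, the DOCTYPE rejection and all function names are assumptions made for illustration.

```python
import xml.parsers.expat

# Assumed allow-list standing in for schema/DTD validation; not doco's vocabulary.
ALLOWED_ELEMENTS = {"document", "title", "section", "p", "a", "em"}
MAX_BYTES = 256 * 1024  # assumed upper bound on a submitted document


class Rejected(Exception):
    """The submission failed the gate and must not enter approval."""


def check_submission(data: bytes) -> None:
    """Raise Rejected unless data is well-formed XML using only allowed elements."""
    if len(data) > MAX_BYTES:
        raise Rejected("document too large")
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Added hardening choice: refuse inline DTDs so entity tricks never parse.
        raise Rejected("DOCTYPE declarations are not accepted")

    def on_start(name, attrs):
        if name not in ALLOWED_ELEMENTS:
            raise Rejected(f"element <{name}> is not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)  # True: this is the final (only) chunk
    except xml.parsers.expat.ExpatError as exc:
        raise Rejected(f"not well-formed: {exc}") from None


def handle_post(data: bytes) -> dict:
    """Model the flow: failed posts never reach approval; user and reviewers are told."""
    try:
        check_submission(data)
    except Rejected as why:
        return {"entered_approval": False,
                "user_page": f"Your post was rejected: {why}",
                "notify": f"Invalid submittal received: {why}"}
    return {"entered_approval": True,
            "user_page": "Submitted for approval", "notify": None}


if __name__ == "__main__":
    # Constructed sample posts, not taken from any real submission.
    for post in (b"<document><p>ok</p></document>", b"AddHandler cgi-script .cgi"):
        print(handle_post(post)["user_page"])
```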



RE: s p e w s

2003-08-05 Thread Robert Koberg
Hi,

 -Original Message-
 From: Kenny Smith [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, August 05, 2003 9:30 AM
 To: James Developers List
 
 I've dealt with SPEWS before and I think the people who run it are
 assholes. They are so militant and elitist it really gets under my skin.
 They don't care how many innocents get blocked by their blanket listings
 because SPEWS isn't blocking anyone, we are just providing a list of
 people.. the ISP is blocking you. While technically, I understand the
 loophole, it's stupid not to take responsibility for your actions.
 
 If you've been listed in SPEWS, you might as well switch ISPs because
 nothing will save you.

I lease machines from rackspace. They are not my ISP. It is not that simple.
I have corrected the problem with rackspace. It turns out that the relay was
not set up correctly.

Did you see:
http://www.somethingawful.com/ (scroll down to the relevant content)



http://forums.somethingawful.com/showthread.php?s=b8637c7e9fd8ae369e4bc34d54d367a2&threadid=642064

 
 Kenny Smith
 SPEWS Hater

