[sc34wg3] <mergeMap/> and security
Lars Marius Garshol
larsga at ontopia.net
Fri Mar 31 08:40:39 EST 2006
* Lars Heuer
>
> While several aspects of the advantages and disadvantages of the
> mergeMap element were discussed here I believe nobody has mentioned
> that the mergeMap feature may be insecure.
Having thought about this for a while, my conclusion is that if you
allow others to add content to your topic map you have to trust them.
They will always be able to add false information, and that in itself
can be dangerous in many cases.
<mergeMap> does add additional ways to harm the receiving server, but
there will always be enough ways of doing that that I think the
ability to add data has to be restricted.
So on reflection I don't think <mergeMap> is an issue on account of
this particular problem.
--
Lars Marius Garshol, Ontopian http://www.ontopia.net
+47 98 21 55 50 http://www.garshol.priv.no
More information about the sc34wg3
mailing list