- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Mon, 26 Nov 2007 17:51:33 +0000
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- CC: public-wsc-wg@w3c.org
So, I'm to elaborate on this issue, which relates to whether or not we should do something about potential XPath/XQuery type vulnerabilities. The original mail I sent [1] (a year and a day ago:-) Two descriptions of relevant vulnerabilities [2,3] I could imagine this resulting in some new text for section 8.3 [4] or section 9 [5] of wsc-xit. I don't have text to offer for that however. Stephen. [1] http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0025.html [2] http://www.spidynamics.com/spilabs/education/articles/code-injection.html [3] http://palisade.plynt.com/issues/2005Jul/xpath-injection/ [4] http://www.w3.org/2006/WSC/drafts/rec/#robustness-apis [5] http://www.w3.org/2006/WSC/drafts/rec/#authoringAndDeployment Mary Ellen Zurko wrote: > > If you don't manage the due date of the action item so that it's not > overdue, it will be close due to inactivity. > > Mez > > Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389) > Lotus/WPLC Security Strategy and Patent Innovation Architect > > > > From: Mary Ellen Zurko/Westford/IBM > To: stephen.farrell@cs.tcd.ie > Date: 11/16/2007 08:33 AM > Subject: ACTION-332 OPEN Elaborate on ISSUE-3 Stephen Farrell 2007-11-13 > > > ------------------------------------------------------------------------ > > > Please complete this action item asap. If you won't be able to in the > next couple of days, please update it with a date that you will actually > make. > > _ACTION-332_ <http://www.w3.org/2006/WSC/track/actions/332> OPEN > _Elaborate on ISSUE-3_ <http://www.w3.org/2006/WSC/track/actions/332> > Stephen Farrell 2007-11-13 > > > > > Mez > > Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389) > Lotus/WPLC Security Strategy and Patent Innovation Architect > > >
Received on Monday, 26 November 2007 17:51:56 UTC