|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Valdis.Kletnieks
vt.edu
Date: Sun Oct 07 2007 - 10:21:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 06 Oct 2007 12:43:16 EDT, "Geo." said:
> If the application is what exposes the URI handling routine to untrusted
> code from the internet, then it's the application's job to make sure that
> code is trusted before exposing system components to it's commands, no?
I think that given a system service that says "I will handle a mailto: URI",
that a programmer can *reasonably* expect the following:
1) That it will be handed to a program that actually does e-mail, and not
a calculator. calc.exe hasn't *yet* followed the programming aphorism that
every program grows until it can read e-mail.
2) That said program can protect itself against overtly malicious input.
"When people pcp a chocky in their mouth, they don't expect steel bolts to
string out and pierce their cheeks" -- Monty Python.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFHCPldcC3lWbTT17ARAgYGAKCImr1P+gz8wxN3wE02jtcao0w1AgCdEe8u
vpF7AeVuu6dOZp5fNd1SJ2E=
=XsIW
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]