> Date: Tue, 11 May 2004 16:20:11 +0200
> From: Marc Cromme <[log in to unmask]>
>
>> I hate to say this, but ... Wouldn't a polite SRU server, when
>> asked to include a reference to a stylesheet on some other server,
>> just quietly fetch it, make a local copy, and return a reference to
>> that? (With all the appropriate caching and stuff going on behind
>> the scenes, of course.)
>
> Then I at least would never implement a polite SRU server. Caching
> own stuff for performance - yes, that's OK, but caching other
> people's/servers' stuff - NO GO.

The cache is not for performance. The stylesheet has to come from the
same server as the main response, otherwise most browsers will refuse
to use it. So if an SRU server is to supply references to stylesheets
at all, then they realistically have to be stylesheets that are hosted
by that same server, i.e. local caches of the stylesheet from whatever
URI the client specified. Stupid but true.

> Sneaky people could even use this to fool your server to cache and
> serve arbitrary content, including illegal music copies and other
> hot stuff. Do not go there!

It is not hard to come up with heuristics to defeat this kind of
attack.

 _/|_ _______________________________________________________________
/o ) \/ Mike Taylor <[log in to unmask]> http://www.miketaylor.org.uk
)_v__/\ "Users spend most of their time on _other_ sites" -- Jakob's
Law of the Web User Experience.
--
Listen to my wife's new CD of kids' music, _Child's Play_, at
http://www.pipedreaming.org.uk/childsplay/
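
One possible shape for the heuristics mentioned in the reply above, as an added example (not from the original thread or from any SRU implementation): before caching a client-named stylesheet, accept only a small, DTD-free XML document whose root element is an XSLT stylesheet. The size cap, media-type list and all names here are assumptions.

```python
import xml.parsers.expat as expat

XSLT_NS = "http://www.w3.org/1999/XSL/Transform"
MAX_BYTES = 256 * 1024  # assumed cap; stylesheets are small, music files are not
ALLOWED_TYPES = {"text/xsl", "text/xml", "application/xml", "application/xslt+xml"}  # assumed


class Rejected(Exception):
    """Raised from a parser callback to stop parsing with a reason."""


def check_stylesheet(body: bytes, content_type: str):
    """Return (ok, reason) for a body fetched from a client-supplied URI."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type not in ALLOWED_TYPES:
        return False, "unexpected media type"
    if len(body) > MAX_BYTES:
        return False, "too large"

    seen_root = False

    def on_doctype(*_args):
        # No DTDs: rules out entity-expansion tricks and external entities.
        raise Rejected("DTD not allowed")

    def on_start(name, _attrs):
        nonlocal seen_root
        ns, _, local = name.rpartition(" ")  # expat reports "namespace-uri localname"
        if not seen_root:
            seen_root = True
            if ns != XSLT_NS or local not in ("stylesheet", "transform"):
                raise Rejected("root is not an XSLT stylesheet")
        elif ns == XSLT_NS and local in ("import", "include"):
            # Would pull in further documents that were never checked.
            raise Rejected("imports further stylesheets")

    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(body, True)
    except Rejected as why:
        return False, str(why)
    except expat.ExpatError:
        return False, "not well-formed XML"
    return True, "ok"


# Constructed sample inputs.
GOOD = b'<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"/>'
MP3 = b"ID3\x03\x00\x00\x00\x00\x0f\x76" + b"\xff\xfb\x90\x00" * 64
```

The Content-Type header is supplied by the remote server, so the parse-based checks carry the weight; the media-type test only discards obvious mismatches early.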