From: Deepayan Sarkar (deepayan@stat.wisc.edu)
Date: Wed Sep 24 2003 - 19:32:09 EDT
On Wednesday 24 September 2003 17:22, jameskass@att.net wrote:
> Suppose you made a document and sent it to me via conventional post.
>
> The last agent handling the document would be the mail carrier.
> Does the mail carrier have the right to open the mailing and
> replace your document with garbage?
>
> An analogy:
>
> Author = Host
> Document = Wine
> Reader = Guest
> Server = Cup
>
> If the host pours a cup of wine for the guest, would we allow a
> mere cup to adulterate our wine?
I'm not saying it's necessarily the right thing to do, but there may be an
argument in favour of the server modifying the document. To take up your
examples, one might claim that the mail carrier has a legitimate right to,
say, irradiate the mail to kill off any possible Anthrax contamination. Or
that any sufficiently advanced cup is allowed to take action to remove any
poisonous substance from the wine served in it. Of course, these actions may
have unintended consequeces till (if at all) the technology is perfected, and
one should have the option of 'turning off' these features. I think it's
understandable if the default settings are as defensive as possible.
I don't know what the HTTP server in question is, but this document may be
relevant (mentioned in Apache's configuration file, just above the option
that controls whether a default character set should be added to the
documents it serves):
http://httpd.apache.org/info/css-security/
Deepayan
This archive was generated by hypermail 2.1.5 : Wed Sep 24 2003 - 20:31:57 EDT