-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10-08-11 02:11 AM, Tim Starling wrote:
> *.toolserver.org is most likely full of XSS
> vulnerabilities.

You're very probably right - Dispenser has been looking for them in the
past few days, and I don't think they had much difficulty doing so.

> I don't think any private data should be delivered on this domain at
> all.

Well, we're asking to have this exposed in the UI and/or API. It happens
to be "private" because nobody bothered to make it available - not
because it falls under the definition of "private data" we use in the
privacy policy, for example.
That said, until it /is/ made available in the API or UI, I'll certainly
respect the rules regarding making such data available.
- -Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkxiPu4ACgkQst0AR/DaKHtirACglMKT1zJxtkuHSqdr9VYpNF1G
xfIAn26u7EKSXPrdDwOO1ZppPYQowvdI
=6/8Z
-----END PGP SIGNATURE-----