Account Options

  1. Sign in
The old Google Groups will be going away soon.
Switch to the new Google Groups.
Google Groups Home
« Groups Home
SDCH
Home
+ new post
About this group
Join this group
Setting dictionaries for hosts of the format X.Y.domain.com
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   3 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post will appear after it is approved by moderators
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Yoav  
View profile  
 More options May 12 2011, 10:49 am
From: Yoav <yoav.weiss...@gmail.com>
Date: Thu, 12 May 2011 07:49:00 -0700 (PDT)
Subject: Setting dictionaries for hosts of the format X.Y.domain.com
Print | Individual message | Show original | Report this message | Find messages by this author
Hi,

It seems that when I'm trying to set a dictionary on a host of the
format X.Y.domain.com, I get an error of
DICTIONARY_REFERER_URL_HAS_DOT_IN_PREFIX and I'm failing the
Dictionary::CanSet security check function.
From the function's code comments:
  A dictionary is invalid and must not be stored if any of the
following are
  true:
....
   4. The referer URL host is a host domain name (not IP address) and
has the
      form HD, where D is the value of the Domain attribute, and H is
a string
      that contains one or more dots.

Why can't SDCH dictionaries be applied to such hosts?

Thanks,
Yoav


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Jim R  
View profile  
 More options May 19 2011, 2:40 pm
From: Jim R <j...@google.com>
Date: Thu, 19 May 2011 11:40:59 -0700 (PDT)
Local: Thurs, May 19 2011 2:40 pm
Subject: Re: Setting dictionaries for hosts of the format X.Y.domain.com
Print | Individual message | Show original | Report this message | Find messages by this author
I assuming you're not asking why Chrome doesn't do this ('cause the
proposed spec said it?), but rather why the spec does indeed require
this.

I vaguely recall that the restriction was suggested analogously to
handling of cookies, and is based on:

http://www.ietf.org/rfc/rfc2965.txt

which has pretty exactly the restrictive wording seen above.  Search
the RFC for "contains one or more dots."

If these restrictions were not in place, one example of a Reduction Of
Service attack would be for a malicious party to claim (somehow) that
YourFavoriteSite.com has a few hundred dictionaries :-/.  If these
were established in clients, then each HTTP request would have to list
all their hashes :-(.  That in turn would potentially slow requests,
and require increased bandwidth when communicating with
YourFavoriteSite.   I think this same issue is part of the reason to
restrict cookies.

YMMV... but that is some reasoning that comes to mind.

Jim

On May 12, 7:49 am, Yoav <yoav.weiss...@gmail.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Yoav Weiss  
View profile  
 More options May 20 2011, 5:34 am
From: Yoav Weiss <yoav.weiss...@gmail.com>
Date: Fri, 20 May 2011 11:34:34 +0200
Local: Fri, May 20 2011 5:34 am
Subject: Re: Setting dictionaries for hosts of the format X.Y.domain.com
Print | Individual message | Show original | Report this message | Find messages by this author

Thanks Jim!

I've mistakenly read "domain" in the source code as the primary domain for
the host (rather then the domain on which we're trying to assign the
dictionary). Therefore, this restriction was not clear.
Now it makes perfect sense. Every host can set dictionaries to a domain that
is at most one level "up", but not more then that.

Yoav


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google