trust root sanity
meepbear at hotmail.com
Wed Jun 22 11:31:21 PDT 2005
I don't think you can make any reasonable assumption about what's sane and
what's not. Even com/net aren't safe: *.myprivatedomain.com is sane, but
*.eu.com isn't, nor is *.uk.net to list just two.
I currently test against my list of "official" delegated second level
domains (about 700 of them), if trust_root matches and root isn't third
level I reject it, if it doesn't match anything on the list I accept it.
That's as much as I think I'm able to do :).
Trusting *.somedomain.com to ID you also carries the unspoken implication
that anyone somedomain hosts is able to ID you as well. In the case of
Livejournal users for example, that's fine since they can't do scripting,
but that isn't universally the case.
Dont just search. Find. Check out the new MSN Search!
More information about the yadis