Note recursive objects in Security Considerations #229
Conversation
index.html
Outdated
| <section id="security-recursive-objects"> | ||
| <h2>Recursive Objects</h2> | ||
| <p> | ||
| Servers should take care to properly handle recursive ActivityStreams |
There was a problem hiding this comment.
I think it might be a good idea to open up "properly". What should the implementer do to protect themselves? Or a short example of what could happen if not. At least I'm not sure what I should do to fulfil this paragraph.
There was a problem hiding this comment.
@jaywink perhaps something like:
Servers should set a limit on how deep to recurse while resolving objects, or otherwise specially handle ActivityStreams objects with recursive references.
Does that seem better to you? It's a bit wordy but I feel like we shouldn't imply that setting a recursion limit is the only way to handle this; there are probably more intelligent things you can do
There was a problem hiding this comment.
I think it's better as it's a bit more concrete on the problem and how to handle it 👍
|
Pushed a new commit with new wording as discussed with @jaywink 👍 |
As discussed on IRC.
I'm not sure this is the best wording, but it seemed decent, so...