Re: Security & draft-ietf-html-fileupload-01.txt
Larry Masinter (masinter@parc.xerox.com)
Fri, 16 Dec 94 19:52:40 EST
At the HTML working group where we discussed this, the main 'security
considerations' issue had to do with recommending that the
HTML-interpreting-agent should not accept a file name for transmission
to the ACTION URL that hadn't been confirmed by the user.
If you had other security considerations that you thought needed to be
addressed, please let me know; otherwise, I think they're the same for
'forms that return data from files' and 'forms that return data'.