Joe Gregorio wrote:
Ok, I think, after 6 or 7 follow-ups I think I finally see a problem. Here is a scenario:
Malicious user X produces an Atom feed served with an X-Atom-Error header.
Malicious user X could change their X-Atom-Error header to point
to someone elses URI (it could be /their/ Error URI or it could
be a completely different service). Either way Malicious user X then intentionally forces their Atom feed to be invalid, thus
causing all the subscribers to X Atom's feed to hit that
unrelated service.
Am I understanding the scenario correctly?
Yes, and the effect of hitting that unrelated service is unknowable. The operation must be idempotent to be implemented responsibly.
Robert Sayre
