He posted the link to the rsscloud list so I suggested he also post it here - I have no idea why he hasn't. Unfortunately his blog doesn't accept comments either. I've asked to re-post here - it's silly throwing out an article like this without checking his assessment with the list.
While his points appear valid from their brief descriptions, a lot of it is a litany of faults only possible by ignoring common sense and are met by many web applications out there without issue. I mean who designs web apps to download GBs from a blind URL? It breaks the first rule of web app security - never trust your users ;).

Pádraic Brady
http://blog.astrumfutura.com
http://www.survivethedeepend.com
OpenID Europe Foundation Irish Representative

________________________________
From: Brett Slatkin <[email protected]>
To: pubsubhubbub <[email protected]>
Sent: Sun, November 22, 2009 12:14:30 AM
Subject: [pubsubhubbub] Security-focused post about PubSubHubbub

James Holderness has written a critique of PubSubHubbub security: http://www.xn--8ws00zhy3a.com/blog/2009/11/pubsubhubbub-security-concerns

It'd be nice if he had posted to this forum or provided another forum of his own for a response, but either way I plan to write something to go over all of his concerns.

In the meantime, I'm happy to say that I think every issue he points out has already been or can easily be mitigated in the hubs that are out there, the biggest help being automatic subscription refreshing (http://pubsubhubbub.googlecode.com/svn/trunk/pubsubhubbub-core-0.2.html#autorefresh) which can narrow the window of any attack significantly.

In my view, his concerns further validate the idea that delegating to hubs is the correct model for real-time feeds, since it's very difficult to get all of the security and DoS details of an implementation correct for every publisher out there.

-Brett
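The two things this exchange turns on are a hub fetching from a "blind URL" a stranger supplied, and the automatic subscription refreshing that Brett points to as narrowing the attack window. The following is an added example of what those guards look like on the hub side; it is my code, not the reference hub's and not anything either poster wrote. The byte and lease limits are hypothetical policy numbers, the hostnames and the `fake_resolve`/`send` fixtures are constructed so it runs offline, and the real HTTP calls are injected rather than performed:

```python
"""Hub-side guards for the two points in the thread: a hub must not blindly
download whatever hub.topic or hub.callback a stranger hands it, and automatic
refreshing should drop subscriptions that no longer verify. Added example, not
the reference hub's code; limits and hostnames are hypothetical or constructed."""
import io, ipaddress, secrets, socket, time
from urllib.parse import urlparse

MAX_BODY_BYTES = 1024 * 1024        # hypothetical policy: refuse feeds over 1 MiB
MAX_LEASE_SECONDS = 10 * 24 * 3600  # hypothetical policy: cap on hub.lease_seconds

class FetchRejected(Exception):
    """A URL, response or callback violated hub policy."""

def check_fetch_url(url, resolve=socket.gethostbyname):
    """Refuse schemes and destinations a hub must never fetch on a stranger's
    say-so. `resolve` is injectable so the check can be exercised offline."""
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        raise FetchRejected("scheme not allowed: %r" % p.scheme)
    if not p.hostname or p.username or p.password:
        raise FetchRejected("missing host or embedded credentials in %r" % url)
    try:
        addr = ipaddress.ip_address(resolve(p.hostname))
    except (OSError, ValueError) as exc:
        raise FetchRejected("cannot resolve %r: %s" % (p.hostname, exc))
    if not addr.is_global:  # loopback, RFC 1918, link-local (169.254.169.254), multicast
        raise FetchRejected("%s resolves to non-public %s" % (p.hostname, addr))
    return addr

def read_bounded(stream, limit=MAX_BODY_BYTES, chunk=64 * 1024):
    """Read a body without ever buffering more than `limit` bytes; the cap is
    enforced on bytes actually read, not on a publisher-controlled Content-Length."""
    buf = bytearray()
    while True:
        piece = stream.read(min(chunk, limit + 1 - len(buf)))
        if not piece:
            return bytes(buf)
        buf.extend(piece)
        if len(buf) > limit:
            raise FetchRejected("body exceeds %d bytes" % limit)

class Hub:
    """Subscriptions are verified by challenge on subscribe and re-challenged on
    every refresh, so a callback that stops echoing is dropped at the next pass.
    `send(callback, params) -> str` is the injected HTTP GET to the subscriber."""
    def __init__(self, send, resolve=socket.gethostbyname, now=time.time):
        self.send, self.resolve, self.now = send, resolve, now
        self.subs = {}  # (callback, topic) -> lease expiry timestamp

    def _verify(self, callback, topic, mode="subscribe"):
        challenge = secrets.token_urlsafe(32)  # fresh and unguessable per request
        params = {"hub.mode": mode, "hub.topic": topic, "hub.challenge": challenge}
        try:
            return self.send(callback, params) == challenge
        except Exception:  # unreachable, timed out, wrong body: all count as "no"
            return False

    def subscribe(self, callback, topic, lease_seconds):
        for url in (callback, topic):
            check_fetch_url(url, resolve=self.resolve)
        if not self._verify(callback, topic):
            raise FetchRejected("callback did not echo the challenge")
        lease = max(0, min(int(lease_seconds), MAX_LEASE_SECONDS))
        self.subs[(callback, topic)] = self.now() + lease

    def refresh(self):
        """Auto-refresh: re-verify every subscription; return the keys dropped."""
        now = self.now()
        dropped = [k for k, exp in self.subs.items() if now >= exp or not self._verify(*k)]
        for k in dropped:
            del self.subs[k]
        return dropped

# Constructed fixtures so the example runs offline.
FAKE_DNS = {"publisher.example": "8.8.8.8", "reader.example": "8.8.4.4",
            "metadata.example": "169.254.169.254"}
fake_resolve = lambda host: FAKE_DNS.get(host, "")  # unknown host -> ValueError -> rejected

def rejects(fn, *args):
    try:
        fn(*args)
    except FetchRejected:
        return True
    return False

def demo_refresh():
    """Constructed run: a verified subscriber later disappears; returns
    (keys dropped on first refresh, keys dropped on second, subscriptions left)."""
    alive = {"http://reader.example/cb": True}  # constructed: callbacks still answering
    def send(callback, params):
        if alive.get(callback):
            return params["hub.challenge"]
        raise OSError("constructed: subscriber unreachable")
    hub = Hub(send, resolve=fake_resolve, now=lambda: 1_000_000.0)
    hub.subscribe("http://reader.example/cb", "http://publisher.example/feed", 3600)
    first = hub.refresh()
    alive["http://reader.example/cb"] = False  # the subscriber goes away
    return first, hub.refresh(), len(hub.subs)
```

Two caveats a hub author would want on top of this. The address check and the actual connection resolve the name separately, so a publisher that rebinds DNS between the two can still steer the fetch at an internal host unless the HTTP layer pins the address that was checked; and any redirect the publisher returns must get the same check on every hop rather than being followed blindly. The real fetch also needs a timeout, since `read_bounded` caps size but not how long a slow publisher can keep the connection open.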
