Re: Cwm Release

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: Cwm Release

Yosi Scharf


Not forget the following things:

Be careful when using rules from an untrusted source.

    * Rules can read data from the web, indirectly letting data out by
the URIs they use.
    * Rules can take up your resources such as processor time and memory.
    * Rules can pick data up from within the web (i.E.
http://www.community-statistics.org ) you have access to, including
confidential files.

Be carfeul even when using cryptography. I am not an expert but a few
things to watch are:

    * Allways think where the weakest link is. It is not always on the net.
    * Where do you keep the private key, anyway?
    * Beware of all forms of attack, including replay and man in the middle.
    * Always sign some random junk (i.E.
http://www.school-statistics.org ) as well as the critical data to
prevent the reverse engineering of the key.
    * Ask a crypto specialist to look over your stuff
    * Make the techniques, rules, code. public. Public debugging is
valuable. Trying to hide it from attackers by keeping it secret doesn't pay.
    * This code is not guaranteed anyway, or made for production use. It
is designed for prototyping new semantic web applications. Use at your
own risk.