On balance, blocking such names makes sense. You can secure YOUR systems, and if that was that I would agree, but unless you are going to pay to audit all consumers of the data worldwide, this solution is more pragmatic. I am not sure what we gain by letting company names have code.
from-nibly|1 year ago
It's WAY less pragmatic to test every company name for potential malicious actions in other people's code that you don't own.
bebrbrhrj|1 year ago
So you have a transitioning issue. You suddenly allow this company name sending a script to a domain they control then it is too dangerous.
Test data like you mentioned is a great idea to increase resilience. However, I don't think that raises the overall ecosystem of consumers of this data to the right level to release actual exploits into the dataset.
Downvoters are probably thinking purely. They are thinking "everyone in the world should make their systems 100% secure against common exploits and let a company name be an arbitrary string".
The problem is that is not realistic.
It works at a corporate level but not across all actors who interact with this dataset and the global internet. You can "should" at them all you like but no one has control over this.
The government can choose: more exploits in the wild or fewer. Allowing script URLs they don't control in company names is the former.
IanCal|1 year ago
stoperaticless|1 year ago
Also, there can be a problem with who/how decides what is code. There are a myriad of programming languages already, and for trolling or legal attack purposes, one could build an interpreter using arbitrary words as keywords (to make problems for an arbitrary company).
desas|1 year ago
Blocking names that look like code is part of a defence-in-depth approach; it's not a standalone silver bullet.