Media Type 'application/vnd.dpgraph' Details

Media Type 'application/vnd.dpgraph' Details


Basic Info
Media Type application
subtype vnd.dpgraph
Registered? Yes
See also Parker
Extensions

Tags: (none)

File Formats: (none)

Details


From: David Parker [[email protected]]
Sent: Monday, August 23, 1999 9:29 AM
To: [email protected]
Subject: Request for MIME media type Application/Vendor Tree - vnd.dpgraph

Name : David Parker

E-mail : [email protected]

MIME media type name : Application

MIME subtype name : Vendor Tree - vnd.dpgraph

Required parameters : none

Optional parameters :
charset.  A DPGraph file is essentially a US-ASCII file containing
programming language commands that generate and display mathematical
graphs.  However, user comments can be embedded in the file, and those
comments can be in any character set that is a superset of US-ASCII.
Hence, the optional charset parameter is for the convenience of anyone
reading the comments, and is not used by the program that interprets
the mathematical graphing commands.

Encoding considerations :
DPGraph files should be base64-encoded for transmission where
transport is not 8-bit clean.  Other encodings run the danger of
introducing or removing CR's and LF's from files as they are
transferred between users on different operating systems, which may
cause programs which interpret DPGraph files to miscount the number of
lines in the files.

Security considerations :
Security considerations specific to DPGraph files:

1) "File system" threats: none.  The programming language commands in
DPGraph files contain no constructs that allow the program to
read/write/create/erase or otherwise modify the user's file system.
The programming constructs in a DPGraph file are only used to generate
and display graphs on the user's screen.

2) "Peripheral device" threats: the programming language commands in
DPGraph files contain no constructs for sending data to any peripheral
devices (printers and modems, for examples), except for the screen.
With regard to possible screen threats, see the "Denial of screen" and
"Spoofing" threats below.

3) "System command" threats: none.  The programming language commands
in DPGraph files contain no constructs for passing commands to the
operating system, or for calling any external program.

4) "Persistent state" threats: none.  The programming language
commands in DPGraph files contain no constructs for changing the
persistent state of the user's machine.

5) "Viral" threats: none.  DPGraph files contain no binary data except
in user comments; all of the programming language commands are in
US-ASCII and are processed by an interpreter.  Any binary characters
embedded in a DPGraph file should simply be flagged as syntax errors
if they occur in programming language commands, or should be discarded
if they occur in user comments.

6) "Denial of memory" threats: like any other program, an interpreter
for DPGraph files requires system memory in order to execute.  Using
the program language commands in a DPGraph file, it is possible to
request graphs that would require a large, approaching infinite,
amount of memory.  There is no specific defense against this type of
threat.  Programs that interpret DPGraph files should ensure that
there is a way for the user to "kill" the interpreter if it seems to
be taking too much memory.

7) "Denial of cycles" threats: using the programming language commands
in a DPGraph file, it is possible to request graphs that would require
a large, approaching infinite, amount of time to generate.  There is
no specific defense against this type of threat.  Programs that
interpret DPGraph files should ensure that there is a way for the user
to "kill" the interpreter if a graph seems to be taking too long to
display.  They should also ensure that their execution priority is
such that the cycles consumed don't hamper more critical operating
system tasks such as page swapping.

8) "Denial of screen" threats: since DPGraph files are meant to
generate graphs to display on the user's screen, it is conceivable
that someone might think of a malicious reason to fill someone else's
screen with graphs.  To help guard against this possibility, an
interpreter for displaying DPGraph files should be easy for the user
to exit.  The programming language commands in a DPGraph file have no
constructs for displaying arbitrary data at any position on the
screen; DPGraph files can only request the display of graphs inside
the boundaries of the interpreter's window.

9) "Spoofing" threats: since DPGraph files are meant to generate
graphs to display on the user's screen, it is conceivable that someone
might create a graph with the malicious intent of confusing the user
about what they are seeing on the screen.  To help guard against this
possibility, interpreters for DPGraph files should make sure to
display the graph inside a window that clearly identifies the
interpreter.

Here are just two of the many general security threats involved in
transmitting files, and running programs to view them, which are not
specific to DPGraph files:

1) "Bug" threats: A bug in a program that interprets DPGraph files
could conceivably be exploited as a security threat.  No such bugs are
known.  The best way to guard against this type of security problem
would be to fix the bug as quickly as possible, and make the fixed
copies available to all current users.

2) "File system" threats: someone could transmit a huge DPGraph file
with the intention of occupying large amounts of somebody else's
storage.

Interoperability considerations :
None.  The format of DPGraph files is independent of the user's
computer or operating system.

Published specification :
The format of DPGraph files is described in the help information
supplied with DPGraph 2000, available from www.davidparker.com.

Applications which use this media :
Two known applications which use DPGraph files are DPGraph 2000,
available from www.davidparker.com, and MathWare Cyclone, available
from www.mathware.com.  Both were programmed by David Parker.

Additional information :

1. Magic number(s) :
2. File extension(s) : .dpg .mwc .dpgraph
3. Macintosh file type code : 
4. Object identifiers(s) or OID(s) :

Person to contact for further information :

1. Name : David Parker
2. E-mail : [email protected]

Intended usage : Common

Author/Change controller :  David Parker, www.davidparker.com,
[email protected]