
  • From: Sean McGrath <sean@d...>
  • To: xml-dev@l...
  • Date: Mon, 01 Jan 2001 12:04:19 +0000

At 11:35 AM 1/1/01 +0000, John Wilson wrote:
>It would be worthwhile taking a little time to consider the possible
>security impact of encouraging XML processing software to dereference
>Namespace URIs as a matter of course.
>
>Performing an HTTP GET on an arbitrary URL is not an innocuous action. Most
>web servers have well known vulnerabilities to various forms of malformed
>URL.

Any HTTP GET facility exposed to the outside world
can be abused.  Namespace URIs are no different. The issues
you raise are equally applicable to XML-RPC, SOAP (not
to mention DTDs at the end of URIs in XML 1.0).

I look forward to the day when this is a real issue :-). By which
I mean that for this to be a real problem, the semantic web will
be up and running:-)

For now, to paraphrase our resident songwriter, I want
to read about the pizza myself in a Web browser window
by clicking on a link, not have a mozzarella definition
automatically added to my bookmarks:-)

Sean McGrath
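
Added example, not part of the original message: a Python SAX sketch that lists the namespace URIs and DOCTYPE system identifier a document names while keeping the parser from dereferencing any of them. The class names, the sample document and its .invalid hosts are constructed for illustration.

```python
import io
import xml.sax
from xml.sax.handler import (ContentHandler, EntityResolver,
                             feature_external_ges, feature_external_pes,
                             feature_namespaces, property_lexical_handler)

class NoFetch(EntityResolver):
    """Backstop: fail loudly if the parser ever asks for an external entity."""
    def resolveEntity(self, public_id, system_id):
        raise xml.sax.SAXException("refusing to fetch %r" % system_id)

class UriAudit(ContentHandler):
    """Records the URIs a document names without opening any of them."""
    def __init__(self):
        super().__init__()
        self.namespaces = []      # (prefix, uri); prefix is None for default
        self.dtd_system_ids = []  # SYSTEM identifier of the DOCTYPE, if any

    def startPrefixMapping(self, prefix, uri):
        self.namespaces.append((prefix, uri))

    # Lexical-handler callbacks (the expat driver wires up all five).
    def startDTD(self, name, public_id, system_id):
        if system_id:
            self.dtd_system_ids.append(system_id)
    def endDTD(self): pass
    def comment(self, text): pass
    def startCDATA(self): pass
    def endCDATA(self): pass

def audit(xml_bytes):
    handler = UriAudit()
    parser = xml.sax.make_parser()
    parser.setFeature(feature_namespaces, True)     # report xmlns mappings
    parser.setFeature(feature_external_ges, False)  # no external DTD/entities
    parser.setFeature(feature_external_pes, False)
    parser.setEntityResolver(NoFetch())
    parser.setContentHandler(handler)
    parser.setProperty(property_lexical_handler, handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler

# Constructed sample; the .invalid hosts are placeholders and never resolve.
SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE menu SYSTEM "http://dtd.example.invalid/menu.dtd">
<menu xmlns="http://ns.example.invalid/menu"
      xmlns:p="http://ns.example.invalid/pizza"><p:pizza/></menu>
"""
```

Calling audit(SAMPLE) returns the handler with the collected URIs; a human or a policy check can then decide which of them, if any, are ever fetched.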


