Cart
[Home] [By Thread] [By Date] [Recent Entries]
Seairth Jacobs wrote: > Okay, maybe I am slow to see what's wrong here, but I don't see what's wrong > here. I have questions about the security solution presented, but isn't the > problem itself legitimate? If it isn't, would someone be kind enough to > educate me why a self-describing data file is not an easier target for data > theft? Shipping unencrypted sensitive information from anywhere to anywhere over any medium whatsoever is egregiously stupid. Fortunately, the infrastructure is well-supplied with tools to support secure encrypted transmission of anything from anywhere to anywhere; whether the anything is XML or not is purely orthogonal. (Now there's enough of a business case for doing partial encryption (i.e. of particular elements) in XML that there's a W3C WG and so on - it always seemed questionable to me but I assume I just don't understand their apps.) But the reason for doing this has nothing to do whether XML is particularly vulnerable to theft when transmitted unencrypted... if I'm a bad guy I'll be just as happy with a TIFF image of a credit card charge slip... -Tim
|
