

For people interested in the security/robustness aspects of validation,
here are two relevant articles:

http://www.kuro5hin.org/?op=displaystory;sid=2002/6/13/114234/914

http://www.acm.org/technews/articles/2002-4/0614f.html#item6

Does anyone know of any list of the most likely/damaging
security problems for XML, and what kinds of validation
would be appropriate to minimise risks?

Also, if a schema language were to specify fallback 
values which would be used when a value was not
valid, would that promote robustness/security
and lessen the need for non-XML properties
(in particular the property related to signalling
validity) in a PSVI? 

For example, if a datatyping spec said (in no particular
schema language)
  <element name="x">
    <datatype name="value" min="1" fallback="#CRAP" />
  </element>
the schema processing an instance would replace
  <x>0</x>
or
  <x>00000000000000000....times 800 to cause buffer problems</x>
with
  <x>#CRAP</x>

Cheers
Rick Jelliffe

