• To: <xml-dev@l...>
• Subject: RE: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
• From: Bill de hÓra <dehora@e...>
• Date: Sat, 8 Jun 2002 10:12:07 +0100
• Importance: Normal
• In-reply-to: <200206080937.10010.miles@m...>

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> -----Original Message-----
> From: Miles Sabin [mailto:miles@m...] 
> Sent: 08 June 2002 09:37
> To: xml-dev@l...
>
> [.. XML security risks...]
> 
> Thoughts?

Slightly OT...
 
This might be interesting adjunct to the recent (somewhat
theoretical) discussions that have been going here and rdf-ig
surrounding downloading or walking RDF XML schema documents or RDF
triples based on ad-hoc peeking into the URIs or XML namespace
munging. It?s interesting to wonder how one could exploit a network
connected RDF application that works via forward chaining or
condition-action pairs to do bad things if it's not properly
sandboxed. I'm assuming we'll have the processors well before we
have a web of trust.

The notion of treating XML as active content is fascinating (and a
bit scary). I wonder if you could set up a for loop for a DOS via
an XSLT sheet?

Bill de hÓra


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPQHKZeaWiFwg2CH4EQKdewCg8NIh/u1KcUgJcx9YBCYH1GzV6aMAoOqc
UaV7Yro5eisZuCThtmtsHOHv
=0AdS
-----END PGP SIGNATURE-----

• Follow-Ups:
  • Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
    • From: Miles Sabin <miles@m...>

• References:
  • Malicious documents? (WAS: Interesting mailing list & a rare broadside)
    • From: Miles Sabin <miles@m...>

• Prev by Date: RE: xsi:type and broken contracts
• Next by Date: Re: W3C Schema: Resistance is Futile, says Don Box
• Previous by thread: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
• Next by thread: Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
• Index(es):
  • Date
  • Thread