• To: "Bullard, Claude L (Len)" <clbullar@i...>
• Subject: Re: The sky is falling! XML's dirty secret! Go back! It's a trap!
• From: Rich Salz <rsalz@d...>
• Date: Mon, 03 Jun 2002 11:44:42 -0400
• Cc: Paul Prescod <paul@p...>, xml-dev@l...
• References: <2C61CCE8A870D211A523080009B94E430752B511@HQ5>
• User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020510

> If the answer is, experts disagree, there is liability and a 
> real problem to be solved somewhere.  That there are costs 
> is assumed.

So far, the only XML-specific risks I've heard about are various attacks 
on Unicode[1].  I think most security people assume that the bad guys 
know what they're looking for (except perhaps Carnivore :), so it 
doesn't matter if the data is XML, ASCII, or private extension fields in 
EDI.

 > XML posits that we all drive the same car and
> so will be equally liable.

Not really; it's more like specifying standard positions for the 
steering wheel, gas pedal, etc.  As I said:  knowing where to look.
	/r$

[1] http://www.counterpane.com/crypto-gram-0007.html#9

• References:
  • RE: The sky is falling! XML's dirty secret! Go back! It's a trap!
    • From: "Bullard, Claude L (Len)" <clbullar@i...>

• Prev by Date: RE: The sky is falling! XML's dirty secret! Go back! It's a trap!
• Next by Date: RE: The sky is falling! XML's dirty secret! Go back! It's a trap!
• Previous by thread: RE: The sky is falling! XML's dirty secret! Go back! It's a trap!
• Next by thread: RE: The sky is falling! XML's dirty secret! Go back! It's a trap!
• Index(es):
  • Date
  • Thread