Re: Excellent IETF BCP on XML

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: "Bullard, Claude L (Len)" <clbullar@i...>
Subject: Re: Excellent IETF BCP on XML
From: Rich Salz <rsalz@d...>
Date: Fri, 22 Nov 2002 15:03:03 -0500
Cc: 'Tim Bray' <tbray@t...>, XML Dev <xml-dev@l...>
References: <15725CF6AFE2F34DB8A5B4770B7334EE0DF8DB@h...>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020510

Bullard, Claude L (Len) wrote:
> "XML mechanisms that follow external references (External References) may also
 > expose an implementation to various threats by causing the 
implementation to
 > access external resources automatically.

> Hmm.  So namespacesCumURLs are a security problem?

No, a namespace URI is an identifier, and therefore need not be 
followed. The document (which is excellent) is talking about, you know, 
external ENTITY things.

I believe this security issue is one reason why SOAP disallows DTD's.
	/r$

Follow-Ups:
- Re: Excellent IETF BCP on XML
  - From: "Simon St.Laurent" <simonstl@s...>

References:
- RE: Excellent IETF BCP on XML
  - From: "Bullard, Claude L (Len)" <clbullar@i...>

Prev by Date: Re: The non-future of XHTML x.x [LONG]
Next by Date: RE: Excellent IETF BCP on XML
Previous by thread: RE: Excellent IETF BCP on XML
Next by thread: Re: Excellent IETF BCP on XML
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >