Cart
[Home] [By Thread] [By Date] [Recent Entries]
I think what we're really talking about here is a binary representation of XML, and not a machine-code executable compilation of XML. I'd like to assume that when you 'compile' and XML file, PIs are not going to become arbitrary executable code, they'll become a tokenized representation of the original PI, which is basically two strings, a target and data... nothing more, and no security issues other than those that a consuming piece of software might introduce on its own. -- Tom Bradford - http://www.tbradford.org/ CTO - The dbXML Group - http://www.dbxml.com/ Project Labrador - http://www.dbxml.com/labrador/ On Nov 18, 2003, at 11:31 AM, Murali Mani wrote: > > On Tue, 18 Nov 2003, Michael Rys wrote: > >> [Michael Rys] You mean like the format used in the .doc files? :-) >> >> Binary XML in my opinion flies in the face of loosely-coupled >> interoperability. By adding a "standard" binary XML format (be it >> based on ASN PER/BER or some other scheme) the interoperability gets >> bifurcated and the advantage of a single, auditable, interoperable >> format to be used in loosely-coupled environments disappears. In >> closely-coupled systems, you can use something else than XML (or a >> binary format). Since the coupling is closed, you do not need to >> follow a standard (although there are some reasons why you still may >> use XML). > > very true, if MS Office wants to define an interface for other > applications, well and good. Why should we look into the inner > functioning > of MS Office?? But as Len pointed out, there needs to be standard > binary > format for other cases?? > >> [Michael Rys] A processing instruction is just a special form of >> Markup. The software needs to understand it to do anything with it. So >> if the software understands a dangerous PI, then you may have a >> security issue, if the software does not understand any PI, then you >> should not. > > Regarding PIs, however, I am still not convinced totally. If I have a > latex file and I compile it, all I can get is a dvi file. However, > there > are chances of overlooked sideeffects when we have a s/w that > "compiles" > an XML document..?? the s/w needs to know to handle the PI, but > still... > > Anyways, best, murali. > > > ----------------------------------------------------------------- > The xml-dev list is sponsored by XML.org <http://www.xml.org>, an > initiative of OASIS <http://www.oasis-open.org> > > The list archives are at http://lists.xml.org/archives/xml-dev/ > > To subscribe or unsubscribe from this list use the subscription > manager: <http://lists.xml.org/ob/adm.pl> > >
|
