Re: Extra headaches of securing XML

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: xml-dev@l...
Subject: Re: Extra headaches of securing XML
From: Gregory Murphy <Gregory.Murphy@e...>
Date: Tue, 30 Mar 2004 11:13:19 -0800 (PST)
In-reply-to: <4069B802.9050302@d...>

On Tue, 30 Mar 2004, Rich Salz wrote:

> > and I'd bet a zillion bucks that there are awful vulnerabilities lurking 
> > in the cracks where nobody could possibly have thought to look.  -Tim
> 
> There are some that are inherent in XML itself: entities for example, 
> and the fact that there are no size limits (element name with 1e6 
> characters, or 1e6 attributes, or a document 1e6 elements deep). This 
> makes XML inherently more "dangerous" than classic binary formats like 
> ASN.1/DER.

Maybe SGML would be more secure? Hard limits on element name sizes and
attribute counts could be enforced in the SGML declaration.

// Gregory Murphy.  Isopaleocopria.

References:
- Re: Extra headaches of securing XML
  - From: Rich Salz <rsalz@d...>

Prev by Date: Re: xml databases
Next by Date: RE: Extra headaches of securing XML
Previous by thread: Re: Extra headaches of securing XML
Next by thread: RE: Extra headaches of securing XML
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >