

> If one uses XML for serializing objects and nothing else, then things
> get easier. But developing real systems would get easier if there was a
> way of developing them so that validity (well-typedness) is checked
> statically.

Sure, as long as (a) everyone is using the same object system, and (b)
you're not worried about an adversary sending data that will cause your
object-creation code to create bad/dangerous/evil objects; and (c) you are
not worried about your objects leaking internal information, or (c') you
take steps to prevent this, such as by having internal and external/proxy
objects.

That's a pretty powerful set of concerns, I think, and I wouldn't
particularly call any of them easy.

If you treat XML as the data, and not as an object serialization format,
then (a) you get to use the new cool SOA buzzword; and (b) you tend to
build safer systems.

	/r$

-- 
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
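
An added example, not part of the original message: one way to treat XML as data rather than as an object serialization format, with a separate external/proxy object so internal fields never reach the wire. The order message, class names and field rules are all hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample messages for illustration.
GOOD = "<order><sku>AB-1234</sku><qty>3</qty></order>"
EVIL = '<order class="os.system"><sku>AB-1234</sku><qty>3</qty><cmd>id</cmd></order>'

@dataclass
class InternalOrder:           # internal object, never serialized directly
    sku: str
    qty: int
    cost_price_cents: int      # internal-only field that must not leak

@dataclass(frozen=True)
class OrderView:               # external/proxy object: the only wire shape
    sku: str
    qty: int

ALLOWED = {"sku", "qty"}

def parse_order(xml_text: str) -> OrderView:
    """Read the message as data: the input never chooses a type or a field."""
    root = ET.fromstring(xml_text)
    if root.tag != "order" or root.attrib:
        raise ValueError("unexpected root element or attributes")
    fields = {}
    for child in root:
        # Reject unknown, repeated, attributed or nested elements outright.
        if child.tag not in ALLOWED or child.tag in fields or child.attrib or len(child):
            raise ValueError(f"unexpected element: {child.tag}")
        fields[child.tag] = child.text or ""
    if set(fields) != ALLOWED:
        raise ValueError("missing element")
    if not re.fullmatch(r"[A-Z]{2}-[0-9]{4}", fields["sku"]):
        raise ValueError("bad sku")
    if not re.fullmatch(r"[1-9][0-9]{0,3}", fields["qty"]):
        raise ValueError("bad qty")
    return OrderView(fields["sku"], int(fields["qty"]))

def to_xml(order: InternalOrder) -> str:
    """Serialize through the proxy so only its fields can be emitted."""
    view = OrderView(order.sku, order.qty)
    root = ET.Element("order")
    ET.SubElement(root, "sku").text = view.sku
    ET.SubElement(root, "qty").text = str(view.qty)
    return ET.tostring(root, encoding="unicode")
```
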

