• To: Vladimir Gapeyev <vgapeyev@s...>
• Subject: Re: Why XML for Messaging?
• From: Paul Downey <paul.downey@w...>
• Date: Thu, 2 Jun 2005 00:22:55 +0200
• Cc: "Bullard, Claude L (Len)" <len.bullard@i...>,xml-dev@l...
• In-reply-to: <Pine.GSO.4.58.0506011222170.10040@b...>
• References: <15725CF6AFE2F34DB8A5B4770B7334EE07206FA3@h...> <Pine.GSO.4.58.0506011222170.10040@b...>

On 1 Jun 2005, at 18:59, Vladimir Gapeyev wrote:
>
> There is comfort in receiving only data, without anything executable 
> ---
> for security reasons, if not anything else (data can be inspected for
> absence of harm, code has to be trusted; even sandboxing does not help 
> if
> the code is expected to produce side effects that are not easy to roll
> back).  However, people in universities do work on solving the security
> side of the problem --- "proof-carrying code" (PCC) is one relevant
> keyword.

iirc, Google Suggest is interesting in that it returns a string of 
Javascript which is then executed. i guess the Google page trusts the 
Google service, we all trust Google (they're famously not evil) and it 
all works inside a sandbox (a browser) so is fairly safe.


Paul

--
http://blog.whatfettle.com

• References:
  • Why XML for Messaging?
    • From: "Bullard, Claude L (Len)" <len.bullard@i...>
  • Re: Why XML for Messaging?
    • From: Vladimir Gapeyev <vgapeyev@s...>

• Prev by Date: RE: Why XML for Messaging?
• Next by Date: Re: Why XML for Messaging?
• Previous by thread: Re: Why XML for Messaging?
• Next by thread: Re: Why XML for Messaging?
• Index(es):
  • Date
  • Thread