  • From: "Pete Cordell" <petexmldev@c...>
  • To: "Richard Salz" <rsalz@u...>
  • Date: Thu, 17 Feb 2011 17:40:55 -0000

Original Message From: "Richard Salz"


>> For example, all the classes would likely have some common base class
>> interface and be created by some factory or other.

>Eww, yuck. :)

Show me a better way that doesn't require prior knowledge of the XML format.

> More technically, that is not the best way to go if you care about
> performance or security.

>        Performance -- Why should I bother to intern a string if it's an
> int?  Cf, ....

That method appears to require an a-priori schema.  If I have that I don't 
need the sender to tell me something's an int.  I already know that.  (I do 
have to check the right format.)

And as I understand it, the approach described is far from the norm anyway, 
and thus only peripherally relevant.

>        Security -- why should I let a bad-guy send me millions of bytes
> just to parse the number 23, unless I like DoS attacks?  (Of course, a
> really secure solution would have the schema beforehand, but that might
> not always be possible.)

So they send you a million byte string instead, and call it a string!  They 
can still DoS you.  The sender being able to say something's a number 
doesn't help with this.

Pete Cordell
Codalogic Ltd
Interface XML to C++ the easy way using C++ XML
data binding to convert XSD schemas to C++ classes.
Visit http://codalogic.com/lmx/ or http://www.xml2cpp.com
for more info
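
The point argued above, that a sender's type label does not bound what the receiver has to read, as an added example that is not part of the original message: a per-value cap enforced by the receiver during incremental parsing with Python's expat binding. The `<v type="...">` layout, the 32-character cap and the 1024-byte chunk size are assumptions made for illustration.

```python
import xml.parsers.expat

class ValueTooLong(Exception):
    """One element's text exceeded the receiver's own limit."""

def parse_bounded(doc: bytes, max_chars: int = 32, chunk: int = 1024):
    """Parse <v type="...">text</v> in chunks; return (values, bytes_fed, rejected)."""
    values, current = [], None      # current = [declared_type, parts, length]

    def start(name, attrs):
        nonlocal current
        if name == "v":
            current = [attrs.get("type", "string"), [], 0]

    def chars(data):
        if current is None:
            return
        current[2] += len(data)
        if current[2] > max_chars:  # stop mid-stream, whatever type was claimed
            raise ValueTooLong(current[0])
        current[1].append(data)

    def end(name):
        nonlocal current
        if name == "v" and current is not None:
            declared, text = current[0], "".join(current[1])
            if declared == "int":
                int(text)           # validate the claim; ValueError if it is false
            values.append((declared, text))
            current = None

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    fed = 0
    try:
        for i in range(0, len(doc), chunk):
            fed += len(doc[i:i + chunk])
            parser.Parse(doc[i:i + chunk], False)
        parser.Parse(b"", True)
    except ValueTooLong:
        return values, fed, True
    return values, fed, False

# Constructed inputs: one 1,000,000-character payload under two type claims.
AS_INT = b'<doc><v type="int">' + b"9" * 1_000_000 + b"</v></doc>"
AS_STRING = b'<doc><v type="string">' + b"A" * 1_000_000 + b"</v></doc>"
SMALL = b'<doc><v type="int">23</v><v type="string">hello</v></doc>'
```

Both oversized documents are rejected after the same small number of bytes; the `type` attribute only decides which validation runs once a value has already fit under the cap.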
