[
Lists Home |
Date Index |
Thread Index
]
- From: "Clark C. Evans" <cce@clarkevans.com>
- To: Simon Wilson <Simon.Wilson@crealogix.com>
- Date: Mon, 3 Apr 2000 11:53:23 -0400 (EDT)
On Mon, 3 Apr 2000, Simon Wilson wrote:
> Imagine if all those XML-based B2B systems out there referenced external
> entities on external web-sites. Hack the site, change or remove the DTD/schema
> and a lot of companies are losing a lot of money.
>
> As a result, I think you'll find that most people with their wits about them
> will be taking a copy of standardized DTDs and referencing that instead in order
> to prevent such things from happening.
This is actually deeper. What happens if 3 organizations
agree on a given DTD. They all refer to that DTD, having
it hosted by one of the companies. And then the hosting
company makes a slight 'clarifying' change... which happens
to cause validation of particular documents which were
considered invalid by one organization to succeed.
I think it is rather "essential" to be able to 'ovverride'
the DTD used as a command line option; pointing it to
a local version of the DTD.
Clark
***************************************************************************
This is xml-dev, the mailing list for XML developers.
To unsubscribe, mailto:majordomo@xml.org&BODY=unsubscribe%20xml-dev
List archives are available at http://xml.org/archives/xml-dev/
***************************************************************************
|