Lists Home |
Date Index |
> If the answer is, experts disagree, there is liability and a
> real problem to be solved somewhere. That there are costs
> is assumed.
So far, the only XML-specific risks I've heard about are various attacks
on Unicode. I think most security people assume that the bad guys
know what they're looking for (except perhaps Carnivore :), so it
doesn't matter if the data is XML, ASCII, or private extension fields in
> XML posits that we all drive the same car and
> so will be equally liable.
Not really; it's more like specifying standard positions for the
steering wheel, gas pedal, etc. As I said: knowing where to look.