xml-dev - Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a

Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a

[ Lists Home | Date Index | Thread Index ]

To: "Bullard, Claude L (Len)" <clbullar@ingr.com>
Subject: Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
From: Rich Salz <rsalz@datapower.com>
Date: Mon, 03 Jun 2002 11:44:42 -0400
Cc: Paul Prescod <paul@prescod.net>, xml-dev@lists.xml.org
References: <2C61CCE8A870D211A523080009B94E430752B511@HQ5>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020510

> If the answer is, experts disagree, there is liability and a 
> real problem to be solved somewhere.  That there are costs 
> is assumed.

So far, the only XML-specific risks I've heard about are various attacks 
on Unicode[1].  I think most security people assume that the bad guys 
know what they're looking for (except perhaps Carnivore :), so it 
doesn't matter if the data is XML, ASCII, or private extension fields in 
EDI.

 > XML posits that we all drive the same car and
> so will be equally liable.

Not really; it's more like specifying standard positions for the 
steering wheel, gas pedal, etc.  As I said:  knowing where to look.
	/r$

[1] http://www.counterpane.com/crypto-gram-0007.html#9

References:
- RE: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
  - From: "Bullard, Claude L (Len)" <clbullar@ingr.com>

Prev by Date: RE: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
Next by Date: RE: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
Previous by thread: RE: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
Next by thread: RE: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
Index(es):
- Date
- Thread