[
Lists Home |
Date Index |
Thread Index
]
- To: "James Clark" <jjc@jclark.com>,<xml-dev@lists.xml.org>
- Subject: RE: [xml-dev] Interesting mailing list & a rare broadside
- From: "Dare Obasanjo" <dareo@microsoft.com>
- Date: Fri, 7 Jun 2002 20:40:25 -0700
- Thread-index: AcIOnWws7O594h/gTUWBLMclMSmDEgAAECfw
- Thread-topic: [xml-dev] Interesting mailing list & a rare broadside
> -----Original Message-----
> From: James Clark [mailto:jjc@jclark.com]
> Sent: Friday, June 07, 2002 8:35 PM
> To: Dare Obasanjo; xml-dev@lists.xml.org
> Subject: RE: [xml-dev] Interesting mailing list & a rare broadside
>
> So, are you saying that the answer to my question is
> basically "no", since
> there is always the possibility that the root element of the
> instance will
> use a namespace not in the schema cache?
>
> If that's so, although it's perfectly conformant, it seems
> like a fairly
> major potential security/robustness hole. Suppose an
> application is trying
> to use validation to protect itself from bad input. It
> carefully loads the
> schema cache with the namespaces it knows about, and calls
> validate(). Now
> the bad guy comes along and uses a root element from some
> other namespace
> and uses xsi:schemaLocation to point to his own schema that
> that has a
> declaration for that element and uses <xs:any namespace="##any"
> processContents="skip"/>. Won't they just have almost completely
> undermined any protection that was supposed to come from validation?
That is an interesting theoretical attack which I don't think anything
in the W3C XML Schema recommendation prevents. You bring up a good point
which I'll have to discuss with our resident W3C XML Schema folks when
they get in on Monday.
--
PITHY WORDS OF WISDOM
The shortest distance between two points is under repair.
This posting is provided "AS IS" with no warranties, and confers no
rights.
|