OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a ra

[ Lists Home | Date Index | Thread Index ]

Hash: SHA1

> -----Original Message-----
> From: Miles Sabin [mailto:miles@milessabin.com] 
> Sent: 08 June 2002 09:37
> To: xml-dev@lists.xml.org
> [.. XML security risks...]
> Thoughts?

Slightly OT...
This might be interesting adjunct to the recent (somewhat
theoretical) discussions that have been going here and rdf-ig
surrounding downloading or walking RDF XML schema documents or RDF
triples based on ad-hoc peeking into the URIs or XML namespace
munging. It’s interesting to wonder how one could exploit a network
connected RDF application that works via forward chaining or
condition-action pairs to do bad things if it's not properly
sandboxed. I'm assuming we'll have the processors well before we
have a web of trust.

The notion of treating XML as active content is fascinating (and a
bit scary). I wonder if you could set up a for loop for a DOS via
an XSLT sheet?

Bill de hÓra

Version: PGP 7.0.4



News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS