[
Lists Home |
Date Index |
Thread Index
]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Miles Sabin [mailto:miles@milessabin.com]
> Sent: 08 June 2002 09:37
> To: xml-dev@lists.xml.org
>
> [.. XML security risks...]
>
> Thoughts?
Slightly OT...
This might be interesting adjunct to the recent (somewhat
theoretical) discussions that have been going here and rdf-ig
surrounding downloading or walking RDF XML schema documents or RDF
triples based on ad-hoc peeking into the URIs or XML namespace
munging. It’s interesting to wonder how one could exploit a network
connected RDF application that works via forward chaining or
condition-action pairs to do bad things if it's not properly
sandboxed. I'm assuming we'll have the processors well before we
have a web of trust.
The notion of treating XML as active content is fascinating (and a
bit scary). I wonder if you could set up a for loop for a DOS via
an XSLT sheet?
Bill de hÓra
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPQHKZeaWiFwg2CH4EQKdewCg8NIh/u1KcUgJcx9YBCYH1GzV6aMAoOqc
UaV7Yro5eisZuCThtmtsHOHv
=0AdS
-----END PGP SIGNATURE-----
|