RE: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)

[Bill de hÓra <dehora@eircom.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> -----Original Message-----
> From: Miles Sabin [mailto:miles@milessabin.com] 
> Sent: 08 June 2002 09:37
> To: xml-dev@lists.xml.org
>
> [.. XML security risks...]
> 
> Thoughts?

Slightly OT...
 
This might be interesting adjunct to the recent (somewhat
theoretical) discussions that have been going here and rdf-ig
surrounding downloading or walking RDF XML schema documents or RDF
triples based on ad-hoc peeking into the URIs or XML namespace
munging. It’s interesting to wonder how one could exploit a network
connected RDF application that works via forward chaining or
condition-action pairs to do bad things if it's not properly
sandboxed. I'm assuming we'll have the processors well before we
have a web of trust.

The notion of treating XML as active content is fascinating (and a
bit scary). I wonder if you could set up a for loop for a DOS via
an XSLT sheet?

Bill de hÓra


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPQHKZeaWiFwg2CH4EQKdewCg8NIh/u1KcUgJcx9YBCYH1GzV6aMAoOqc
UaV7Yro5eisZuCThtmtsHOHv
=0AdS
-----END PGP SIGNATURE-----