[
Lists Home |
Date Index |
Thread Index
]
Simon St.Laurent wrote,
> David Megginson had a nice piece to this effect a few years ago:
> http://www.megginson.com/ugly/index.html
>
> "When XML Turns Ugly"
>
> This was pre-schema, and still largely client-oriented, but has a lot
> of interesting pieces on the dangers of XML processing.
Now you mention it, I do remember a discussion of the some of the
privacy issues a few years ago (I vaguely remember David mentioning
grepping HTTP/DNS server logs for retrievals of external entities).
That might very well be when I started worrying about these things.
To the best of my knowledge tho', there hasn't been much discussion of
using external entities, or schemata, or RDDL, for active attacks as
opposed to snooping.
Cheers,
Miles
|