OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a r

[ Lists Home | Date Index | Thread Index ]

Simon St.Laurent wrote,
> David Megginson had a nice piece to this effect a few years ago:
> http://www.megginson.com/ugly/index.html
> "When XML Turns Ugly"
> This was pre-schema, and still largely client-oriented, but has a lot
> of interesting pieces on the dangers of XML processing.

Now you mention it, I do remember a discussion of the some of the 
privacy issues a few years ago (I vaguely remember David mentioning 
grepping HTTP/DNS server logs for retrievals of external entities). 
That might very well be when I started worrying about these things.

To the best of my knowledge tho', there hasn't been much discussion of 
using external entities, or schemata, or RDDL, for active attacks as 
opposed to snooping.




News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS