xml-dev - Re: [xml-dev] XPointer and XML Schema

Re: [xml-dev] XPointer and XML Schema

[ Lists Home | Date Index | Thread Index ]

To: Jeff Rafter <jeffrafter@defined.net>
Subject: Re: [xml-dev] XPointer and XML Schema
From: Rich Salz <rsalz@datapower.com>
Date: Mon, 15 Jul 2002 23:03:39 -0400 (EDT)
Cc: <xml-dev@lists.xml.org>
In-reply-to: <00cc01c22c6e$c8909b20$32f5d90c@c1980223a>

> >    3. Make the schemalocation hint manditory to provide, and manditory to
> > dereference for Schema-Loading, WRT XPointer.
> 
> This option really scares me!

Me too, but for security reasons.  Mandatory to deref means that I as the 
client can force a server to go open a file of my choosing. That's scary. 
Suppose I send the server schemaLocation="file:///etc/passwd" -- I could 
probably guess some account names from the helpful fault information that 
comes back.
	/r$

References:
- Re: [xml-dev] XPointer and XML Schema
  - From: "Jeff Rafter" <jeffrafter@defined.net>

Prev by Date: Re: [xml-dev] The general XML processing problem
Next by Date: About SAX Filters
Previous by thread: Re: [xml-dev] XPointer and XML Schema
Next by thread: Re: [xml-dev] XPointer and XML Schema
Index(es):
- Date
- Thread