OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] XInclude: security risk 1

[ Lists Home | Date Index | Thread Index ]

Simon St.Laurent wrote,
> It reminds me a bit of the issues that David Megginson raised back at
> XTech 2000:
> http://www.xml.com/pub/a/2000/02/xtech/megginson.html
>
> I can't find David's original slides,

You mean these?

  http://www.megginson.com/ugly/slides/slide0001.html

There's also this thread of DMs on traffic analysis, 

  http://lists.xml.org/archives/xml-dev/200101/msg00057.html

which is related. And a little while ago I suggested this,

  http://lists.xml.org/archives/xml-dev/200206/msg00247.html

which does similar firewall penetration tricks as ERHs example, only 
without XInclude, just a parser which retrieves external entities.

Cheers,


Miles




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS