xml-dev - Re: [xml-dev] XInclude: security risk 1

Re: [xml-dev] XInclude: security risk 1

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Re: [xml-dev] XInclude: security risk 1
From: Miles Sabin <miles@milessabin.com>
Date: Sat, 26 Oct 2002 19:16:57 +0100
In-reply-to: <4.2.0.58.20021026135751.00a5a2e0@pop3.east.ora.com>
References: <4.2.0.58.20021026135751.00a5a2e0@pop3.east.ora.com>

Simon St.Laurent wrote,
> It reminds me a bit of the issues that David Megginson raised back at
> XTech 2000:
> http://www.xml.com/pub/a/2000/02/xtech/megginson.html
>
> I can't find David's original slides,

You mean these?

  http://www.megginson.com/ugly/slides/slide0001.html

There's also this thread of DMs on traffic analysis, 

  http://lists.xml.org/archives/xml-dev/200101/msg00057.html

which is related. And a little while ago I suggested this,

  http://lists.xml.org/archives/xml-dev/200206/msg00247.html

which does similar firewall penetration tricks as ERHs example, only 
without XInclude, just a parser which retrieves external entities.

Cheers,


Miles

References:
- Re: [xml-dev] XInclude: security risk 1
  - From: "Simon St.Laurent" <simonstl@simonstl.com>

Prev by Date: Re: [xml-dev] XInclude: security risk 1
Next by Date: What are Schemas For?
Previous by thread: Re: [xml-dev] XInclude: security risk 1
Next by thread: Re: [xml-dev] XInclude: security risk 1
Index(es):
- Date
- Thread