[
Lists Home |
Date Index |
Thread Index
]
Rick Jelliffe wrote,
> > * Unauthorized access to data stored as XML files on the parsing
> > system file system (of course the attacker still needs a way to
> > get these data back)
>
> Err, yes: this is a bit too vague to be credible isn't it.
I sketched a scenario here,
http://lists.xml.org/archives/xml-dev/200206/msg00247.html
(see towards the middle, "unexpected information disclosure"). Maybe
still a bit vague, and highly dependent on the functionality of the
receiving application ... but I think the possibility is credible
enough.
Cheers,
Miles
|