[
Lists Home |
Date Index |
Thread Index
]
Karl Waclawek writes:
> According to James Clark it is a reasonably well known XML
> vulnerability. I can e-mail you. I am not sure if I should
> post it publicly - any comments on that?
[note: I've seen it by private mail]
Yes, you should post it publicly, for two reasons:
1. People cannot protect themselves against what they don't know.
2. There's very little XML flowing outside the firewall (virtually nil
in Web terms), so there's not much for a script kiddie to attack.
I suppose we need to consider XML-aware Web browsers like MSIE, but
you hardly need a sophisticated attack to crash those anyway.
All the best,
DAvid
--
David Megginson, david@megginson.com, http://www.megginson.com/
|