xml-dev - RE: [xml-dev] Excellent IETF BCP on XML

RE: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

To: 'Tim Bray' <tbray@textuality.com>, XML Dev <xml-dev@lists.xml.org>
Subject: RE: [xml-dev] Excellent IETF BCP on XML
From: "Bullard, Claude L (Len)" <clbullar@ingr.com>
Date: Fri, 22 Nov 2002 13:41:36 -0600

"XML mechanisms that follow external references (External References) may also expose an implementation to various threats by causing the implementation to access external resources automatically. It is important to disallow arbitrary access to such external references within XML data from untrusted sources. Many XML grammars define constructs using URIs for external references; in such cases, the same precautions must be taken. "

Hmm.  So namespacesCumURLs are a security problem?

len


From: Tim Bray [mailto:tbray@textuality.com]

This thing has been under development for months and I think it is an 
*excellent* piece of work - I would probably echo pretty well every word 
and just not in the IETF context.  The canonical version is at 
http://www.imc.org/ietf-xml-use/xml-guidelines-07.txt, but there's also 
a nice human-readable HTML version at 
http://www.imc.org/ietf-xml-use/xml-guidelines-07.html

Follow-Ups:
- Re: [xml-dev] Excellent IETF BCP on XML
  - From: Rich Salz <rsalz@datapower.com>

Prev by Date: XML Parsers and how they handle internal entities (amp, quote, apos, etc...)
Next by Date: Re: [xml-dev] XML Parsers and how they handle internal entities (amp, quote, apos, etc...)
Previous by thread: XML Parsers and how they handle internal entities (amp, quote, apos, etc...)
Next by thread: Re: [xml-dev] Excellent IETF BCP on XML
Index(es):
- Date
- Thread