xml-dev - Re: [xml-dev] Excellent IETF BCP on XML

Re: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

To: "Bullard, Claude L (Len)" <clbullar@ingr.com>
Subject: Re: [xml-dev] Excellent IETF BCP on XML
From: Rich Salz <rsalz@datapower.com>
Date: Fri, 22 Nov 2002 15:03:03 -0500
Cc: 'Tim Bray' <tbray@textuality.com>, XML Dev <xml-dev@lists.xml.org>
References: <15725CF6AFE2F34DB8A5B4770B7334EE0DF8DB@hq1.pcmail.ingr.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020510

Bullard, Claude L (Len) wrote:
> "XML mechanisms that follow external references (External References) may also
 > expose an implementation to various threats by causing the 
implementation to
 > access external resources automatically.

> Hmm.  So namespacesCumURLs are a security problem?

No, a namespace URI is an identifier, and therefore need not be 
followed. The document (which is excellent) is talking about, you know, 
external ENTITY things.

I believe this security issue is one reason why SOAP disallows DTD's.
	/r$

Follow-Ups:
- Re: [xml-dev] Excellent IETF BCP on XML
  - From: "Simon St.Laurent" <simonstl@simonstl.com>

References:
- RE: [xml-dev] Excellent IETF BCP on XML
  - From: "Bullard, Claude L (Len)" <clbullar@ingr.com>

Prev by Date: Re: [xml-dev] The non-future of XHTML x.x [LONG]
Next by Date: RE: [xml-dev] Excellent IETF BCP on XML
Previous by thread: RE: [xml-dev] Excellent IETF BCP on XML
Next by thread: Re: [xml-dev] Excellent IETF BCP on XML
Index(es):
- Date
- Thread