Lists Home |
Date Index |
Bullard, Claude L (Len) wrote:
> "XML mechanisms that follow external references (External References) may also
> expose an implementation to various threats by causing the
> access external resources automatically.
> Hmm. So namespacesCumURLs are a security problem?
No, a namespace URI is an identifier, and therefore need not be
followed. The document (which is excellent) is talking about, you know,
external ENTITY things.
I believe this security issue is one reason why SOAP disallows DTD's.