xml-dev - Re: [xml-dev] Excellent IETF BCP on XML

Re: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

To: XML Dev <xml-dev@lists.xml.org>
Subject: Re: [xml-dev] Excellent IETF BCP on XML
From: Miles Sabin <miles@milessabin.com>
Date: Fri, 22 Nov 2002 20:35:26 +0000
In-reply-to: <r01050400-1022-14270CF0FE5611D6B3280003937A08C2@[192.168.124.21]>
References: <r01050400-1022-14270CF0FE5611D6B3280003937A08C2@[192.168.124.21]>

Simon St.Laurent wrote,
> rsalz@datapower.com (Rich Salz) writes:
> > No, a namespace URI is an identifier, and therefore need not be
> > followed. The document (which is excellent) is talking about, you
> > know, external ENTITY things.
>
> So is RDDL now a security risk?

Potentially ... yes.

How many times have we discussed the external entity thing on this list 
now? Any of the issues with them apply equally here.

And in fact David Megginson warned about the dangers of automagically 
dereferencing namespace URIs long before RDDL came along,

  http://lists.xml.org/archives/xml-dev/200101/msg00057.html

Cheers,

Miles

Follow-Ups:
- RE: [xml-dev] Excellent IETF BCP on XML
  - From: "Julian Reschke" <julian.reschke@gmx.de>
- Re: [xml-dev] Excellent IETF BCP on XML
  - From: "Simon St.Laurent" <simonstl@simonstl.com>

References:
- Re: [xml-dev] Excellent IETF BCP on XML
  - From: "Simon St.Laurent" <simonstl@simonstl.com>

Prev by Date: Re: [xml-dev] Excellent IETF BCP on XML
Next by Date: Re: [xml-dev] Excellent IETF BCP on XML
Previous by thread: Re: [xml-dev] Excellent IETF BCP on XML
Next by thread: Re: [xml-dev] Excellent IETF BCP on XML
Index(es):
- Date
- Thread