OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

Simon St.Laurent wrote,
> rsalz@datapower.com (Rich Salz) writes:
> > No, a namespace URI is an identifier, and therefore need not be
> > followed. The document (which is excellent) is talking about, you
> > know, external ENTITY things.
> So is RDDL now a security risk?

Potentially ... yes.

How many times have we discussed the external entity thing on this list 
now? Any of the issues with them apply equally here.

And in fact David Megginson warned about the dangers of automagically 
dereferencing namespace URIs long before RDDL came along,





News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS