OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

Tim Bray assured us on the www-tag list that 
the namespace UR:/URI in no way is a security issue 
and cited his experience with security agencies 
of the US Government.   I gotta believe they 
thought about this.  In effect, the protocol 
designer has to specify what is to be done 
via automagic dereferencing as URIs are always 


From: Miles Sabin [mailto:miles@milessabin.com]

Simon St.Laurent wrote,

> So is RDDL now a security risk?

Potentially ... yes.

How many times have we discussed the external entity thing on this list 
now? Any of the issues with them apply equally here.

And in fact David Megginson warned about the dangers of automagically 
dereferencing namespace URIs long before RDDL came along,


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS