OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

miles@milessabin.com (Miles Sabin) writes:
>> So is RDDL now a security risk?
>
>Potentially ... yes.
>
>How many times have we discussed the external entity thing on this list 
>now? Any of the issues with them apply equally here.

Given that RDDL itself contains further links to resources, this
probably needs some kind of direct addressing; "security" doesn't appear
in the current spec.

>And in fact David Megginson warned about the dangers of automagically 
>dereferencing namespace URIs long before RDDL came along,
>
>  http://lists.xml.org/archives/xml-dev/200101/msg00057.html

David's been way ahead of most on these issues.
-- 
Simon St.Laurent
Ring around the content, a pocket full of brackets
Errors, errors, all fall down!
http://simonstl.com -- http://monasticxml.org




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS