OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   RE: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

Nitpicking:

s/long before/exactly when/

[1] http://www.openhealth.org/RDDL/20010102/rddl-20010102.htm

--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760 

> -----Original Message-----
> From: Miles Sabin [mailto:miles@milessabin.com]
> Sent: Friday, November 22, 2002 9:35 PM
> To: XML Dev
> Subject: Re: [xml-dev] Excellent IETF BCP on XML
> 
> 
> Simon St.Laurent wrote,
> > rsalz@datapower.com (Rich Salz) writes:
> > > No, a namespace URI is an identifier, and therefore need not be
> > > followed. The document (which is excellent) is talking about, you
> > > know, external ENTITY things.
> >
> > So is RDDL now a security risk?
> 
> Potentially ... yes.
> 
> How many times have we discussed the external entity thing on this list 
> now? Any of the issues with them apply equally here.
> 
> And in fact David Megginson warned about the dangers of automagically 
> dereferencing namespace URIs long before RDDL came along,
> 
>   http://lists.xml.org/archives/xml-dev/200101/msg00057.html
> 
> Cheers,
> 
> 
> Miles
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>
> 




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS