OASIS Mailing List Archives



   Re: [xml-dev] Excellent IETF BCP on XML


Bullard, Claude L (Len) wrote,
> Yep.  However, since packets are sniffable?

Umm ... you've not been paying attention, have you ;-)

Other than the stuff David mentioned, the external entity attacks I 
discussed here,


are directly applicable if RDDL documents are retrieved recklessly.

Elliotte RH's XInclude attack is similar,


and he came up with another entity variant here,


And there was also the BugTraq advisory reporting poor choices of 
default retrieval behaviour for external entities here by several 
widely deployed parsers,


I wouldn't be at all surprised if we see another one some time in the 
future reporting poor choices of retrieval behaviour for RDDL 
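
Added example, not part of the original message: a pre-flight check for the retrieval behaviour discussed above. It parses a document with Python's expat binding, fetches nothing, and lists every external identifier (external DTD subset, external entity, XInclude href) that a parser set to retrieve automatically would be asked to fetch. The sample document, the `example.invalid` URIs and the function names are constructed for illustration.

```python
import xml.parsers.expat

XINCLUDE_NS = "http://www.w3.org/2001/XInclude"

# Constructed sample: every URI below is a placeholder on example.invalid.
SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE doc SYSTEM "http://example.invalid/doc.dtd" [
  <!ENTITY ext SYSTEM "http://example.invalid/resource">
]>
<doc xmlns:xi="http://www.w3.org/2001/XInclude">
  &ext;
  <xi:include href="http://example.invalid/other.xml"/>
</doc>"""

def external_references(xml_bytes):
    """Parse without fetching anything; return (kind, uri) for each
    external identifier the document asks a parser to retrieve."""
    found = []
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None:          # external DTD subset
            found.append(("doctype", system_id))

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if value is None and system_id is not None:   # external entity
            found.append(("entity-decl", system_id))

    def entity_ref(context, base, system_id, public_id):
        found.append(("entity-ref", system_id))
        return 1                           # record it, fetch nothing, keep parsing

    def start_element(name, attrs):
        if name == XINCLUDE_NS + " include" and "href" in attrs:
            found.append(("xinclude", attrs["href"]))

    parser.StartDoctypeDeclHandler = doctype
    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = entity_ref
    parser.StartElementHandler = start_element
    parser.Parse(xml_bytes, True)
    return found

def unapproved(xml_bytes, allowed_uris=frozenset()):
    """References that are not on the caller's allowlist (empty by default)."""
    return [ref for ref in external_references(xml_bytes) if ref[1] not in allowed_uris]

if __name__ == "__main__":
    for kind, uri in unapproved(SAMPLE):
        print(f"refusing to retrieve {kind}: {uri}")
```

The allowlist is empty by default, so a document is only processed further when every reference it carries has been explicitly approved by the caller.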





Copyright 2001 XML.org. This site is hosted by OASIS