OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

Miles Sabin wrote:

> Tim Bray wrote,
>
> >Note that dereferencing a URI via GET is in principle and as far as I
> >can tell in practice safe, assuming you protect against
> >infinitely-large resource representations.
>
> That simply isn't true.

Gimme a break.  Sitting on your front step isn't safe if you put a 
plastic bag over your head and then bang your head repeatedly on the 
railing.  Dereferencing a URI involves opening a network connection, 
sending off the URI, and getting back some MIME headers and a bag of 
bits.  Few operations in the computing infrastructure are safer.

Trying to pretend there's danger here obscures the real and serious 
problems that arise when you start acting based on what you get without 
knowing what you're doing.  -Tim





 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS