[
Lists Home |
Date Index |
Thread Index
]
I think what we're really talking about here is a binary representation
of XML, and not a machine-code executable compilation of XML. I'd like
to assume that when you 'compile' and XML file, PIs are not going to
become arbitrary executable code, they'll become a tokenized
representation of the original PI, which is basically two strings, a
target and data... nothing more, and no security issues other than
those that a consuming piece of software might introduce on its own.
--
Tom Bradford - http://www.tbradford.org/
CTO - The dbXML Group - http://www.dbxml.com/
Project Labrador - http://www.dbxml.com/labrador/
On Nov 18, 2003, at 11:31 AM, Murali Mani wrote:
>
> On Tue, 18 Nov 2003, Michael Rys wrote:
>
>> [Michael Rys] You mean like the format used in the .doc files? :-)
>>
>> Binary XML in my opinion flies in the face of loosely-coupled
>> interoperability. By adding a "standard" binary XML format (be it
>> based on ASN PER/BER or some other scheme) the interoperability gets
>> bifurcated and the advantage of a single, auditable, interoperable
>> format to be used in loosely-coupled environments disappears. In
>> closely-coupled systems, you can use something else than XML (or a
>> binary format). Since the coupling is closed, you do not need to
>> follow a standard (although there are some reasons why you still may
>> use XML).
>
> very true, if MS Office wants to define an interface for other
> applications, well and good. Why should we look into the inner
> functioning
> of MS Office?? But as Len pointed out, there needs to be standard
> binary
> format for other cases??
>
>> [Michael Rys] A processing instruction is just a special form of
>> Markup. The software needs to understand it to do anything with it. So
>> if the software understands a dangerous PI, then you may have a
>> security issue, if the software does not understand any PI, then you
>> should not.
>
> Regarding PIs, however, I am still not convinced totally. If I have a
> latex file and I compile it, all I can get is a dvi file. However,
> there
> are chances of overlooked sideeffects when we have a s/w that
> "compiles"
> an XML document..?? the s/w needs to know to handle the PI, but
> still...
>
> Anyways, best, murali.
>
>
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
>
> The list archives are at http://lists.xml.org/archives/xml-dev/
>
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>
>
>
|