xml-dev - Re: [xml-dev] Word 2003 schemas available

Re: [xml-dev] Word 2003 schemas available

[ Lists Home | Date Index | Thread Index ]

To: Murali Mani <mani@CS.UCLA.EDU>
Subject: Re: [xml-dev] Word 2003 schemas available
From: Tom Bradford <bradford@dbxmlgroup.com>
Date: Tue, 18 Nov 2003 11:39:47 -0700
Cc: <xml-dev@lists.xml.org>,Michael Rys <mrys@microsoft.com>
In-reply-to: <Pine.SOL.4.33.0311181021420.6786-100000@panther.cs.ucla.edu>
References: <Pine.SOL.4.33.0311181021420.6786-100000@panther.cs.ucla.edu>

I think what we're really talking about here is a binary representation 
of XML, and not a machine-code executable compilation of XML.  I'd like 
to assume that when you 'compile' and XML file, PIs are not going to 
become arbitrary executable code, they'll become a tokenized 
representation of the original PI, which is basically two strings, a 
target and data... nothing more, and no security issues other than 
those that a consuming piece of software might introduce on its own.

--
Tom Bradford - http://www.tbradford.org/
CTO - The dbXML Group - http://www.dbxml.com/
Project Labrador - http://www.dbxml.com/labrador/

On Nov 18, 2003, at 11:31 AM, Murali Mani wrote:

>
> On Tue, 18 Nov 2003, Michael Rys wrote:
>
>> [Michael Rys] You mean like the format used in the .doc files? :-)
>>
>> Binary XML in my opinion flies in the face of loosely-coupled
>> interoperability. By adding a "standard" binary XML format (be it
>> based on ASN PER/BER or some other scheme) the interoperability gets
>> bifurcated and the advantage of a single, auditable, interoperable
>> format to be used in loosely-coupled environments disappears. In
>> closely-coupled systems, you can use something else than XML (or a
>> binary format). Since the coupling is closed, you do not need to
>> follow a standard (although there are some reasons why you still may
>> use XML).
>
> very true, if MS Office wants to define an interface for other
> applications, well and good. Why should we look into the inner 
> functioning
> of MS Office?? But as Len pointed out, there needs to be standard 
> binary
> format for other cases??
>
>> [Michael Rys] A processing instruction is just a special form of
>> Markup. The software needs to understand it to do anything with it. So
>> if the software understands a dangerous PI, then you may have a
>> security issue, if the software does not understand any PI, then you
>> should not.
>
> Regarding PIs, however, I am still not convinced totally. If I have a
> latex file and I compile it, all I can get is a dvi file. However, 
> there
> are chances of overlooked sideeffects when we have a s/w that 
> "compiles"
> an XML document..?? the s/w needs to know to handle the PI, but 
> still...
>
> Anyways, best, murali.
>
>
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
>
> The list archives are at http://lists.xml.org/archives/xml-dev/
>
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>
>
>

References:
- RE: [xml-dev] Word 2003 schemas available
  - From: Murali Mani <mani@CS.UCLA.EDU>

Prev by Date: RE: [xml-dev] Word 2003 schemas available
Next by Date: RE: [xml-dev] Word 2003 schemas available
Previous by thread: RE: [xml-dev] Word 2003 schemas available
Next by thread: Microsoft FUD on binary XML...
Index(es):
- Date
- Thread