xml-dev - RE: [xml-dev] Extra headaches of securing XML

RE: [xml-dev] Extra headaches of securing XML

[ Lists Home | Date Index | Thread Index ]

To: 'Tim Bray' <tbray@textuality.com>
Subject: RE: [xml-dev] Extra headaches of securing XML
From: "Bullard, Claude L (Len)" <clbullar@ingr.com>
Date: Tue, 30 Mar 2004 12:44:58 -0600
Cc: "'Hunsberger, Peter'" <Peter.Hunsberger@stjude.org>, xml-dev@lists.xml.org, Gerben Rampaart <VisualBasic@Home.nl>

That would be my take too.  We're outdriving the headlights 
on roads we've not traveled.  When asked to rebut, I replied 
that they should get security experts and recommended one 
from this list as a place to start.  These are issues worth 
understanding better.

len


From: Tim Bray [mailto:tbray@textuality.com]

On Mar 30, 2004, at 8:40 AM, Bullard, Claude L (Len) wrote:

> It isn't a very good article.

It could have been worse.  His editor was telling him to write that XML 
was inherently less secure because it was textual and therefore more 
readable.  Yow.  With respect to Web Services, I think the key point is 
indeed that all this WS-mumble stuff is becoming frighteningly complex 
and I'd bet a zillion bucks that there are awful vulnerabilities 
lurking in the cracks where nobody could possibly have thought to look. 
  -Tim

Prev by Date: Re: [xml-dev] Extra headaches of securing XML
Next by Date: SAX2: When to resolve System Ids
Previous by thread: Re: [xml-dev] Extra headaches of securing XML
Next by thread: RE: [xml-dev] Extra headaches of securing XML
Index(es):
- Date
- Thread