On Tue, 30 Mar 2004, Rich Salz wrote:
> > and I'd bet a zillion bucks that there are awful vulnerabilities lurking
> > in the cracks where nobody could possibly have thought to look. -Tim
> There are some that are inherent in XML itself: entities for example,
> and the fact that there are no size limits (element name with 1e6
> characters, or 1e6 attributes, or a document 1e6 elements deep). This
> makes XML inherently more "dangerous" than classic binary formats like
Maybe SGML would be more secure? Hard limits on element name sizes and
attribute counts could be enforced in the SGML declaration.
// Gregory Murphy. Isopaleocopria.
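The hard limits discussed in this thread can also be enforced on the XML side by the consuming application. The sketch below is an added example, not part of the original messages: it uses Python's standard `xml.parsers.expat`, and the limit values and the names `parse_with_limits`, `violated` and `LimitExceeded` are assumptions chosen for illustration.

```python
import xml.parsers.expat

# Assumed limit values; the thread names only the dimensions to bound.
MAX_NAME_LEN = 256
MAX_ATTRS = 64
MAX_DEPTH = 128
MAX_BYTES = 1 << 20  # cap raw input too: expat buffers a token before any handler runs

class LimitExceeded(Exception):
    def __init__(self, limit):
        super().__init__(f"XML limit exceeded: {limit}")
        self.limit = limit

def parse_with_limits(data: bytes) -> int:
    """Parse data, aborting at the first limit violation. Returns element count."""
    if len(data) > MAX_BYTES:
        raise LimitExceeded("input_size")
    parser = xml.parsers.expat.ParserCreate()
    state = {"depth": 0, "elements": 0}

    def start(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        if state["depth"] > MAX_DEPTH:
            raise LimitExceeded("depth")
        if len(attrs) > MAX_ATTRS:
            raise LimitExceeded("attr_count")
        # Element name and every attribute name share one length limit.
        if any(len(n) > MAX_NAME_LEN for n in (name, *attrs)):
            raise LimitExceeded("name_length")

    def end(name):
        state["depth"] -= 1

    def entity_decl(*args):
        # Refuse every entity declaration rather than trying to bound expansion.
        raise LimitExceeded("entity_decl")

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.EntityDeclHandler = entity_decl
    parser.Parse(data, True)  # exceptions raised in handlers propagate from here
    return state["elements"]

def violated(data: bytes):
    """Return the name of the limit a document breaks, or None if it parses cleanly."""
    try:
        parse_with_limits(data)
    except LimitExceeded as exc:
        return exc.limit
    return None
```

Malformed input still raises `xml.parsers.expat.ExpatError`, which the caller handles separately from a limit violation.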