XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] md5sum / sha1sum for XML?
Dave,

btw, if you are worried about integrity, then you need to transmit the
md5sum/sha1sum outside of the payload. We are using our own protocol so
it is easy for doing it...

eg..

send..

take document#=56,Document_Type&="Purchase Order",
md5sum&="3334-3453-234" lines#=4
-<Purchase Order>
- Customer_name&="Fred Tapping" 
  <Line Item> Product_Code&="A5986" Quantity#=3 </Line Item>
-</Purchase Order>

After transmission, the xml is stored in a memo field in the database.
Other fields go into other rows in the database.

The only real way to check for tampering is to provide a mechanism to
check back with the sender what the original checksum was. However, in a
workflow situation, this may be difficult. It is a reality that purchase
orders or most xml documents will get changed over their lifecycle.

So the original military security criteria of checking for tampering in
a message originally developed in the 1930's becomes somewhat irrelevant
in a business context.

As per my earlier email this week, we get a lot of people working in IT
from the military and they bring a special type of variety that us civis
can only view as being a bit different than the way we would normally
work but that is fine by me.

Regards

David

On Sun, 2006-07-16 at 08:43 +0100, Dave Pawson wrote:
> On Sun, 2006-07-16 at 09:02 +1000, David Lyon wrote:
> 
> > It's a one way trip. From Excel/CSV/Text to SQL via XML.
> > 
> > It isn't perfect as you say. The spreadsheet price reader doesn't always
> > get it 100% right. But it will improve over time.
> 
> I found the ODF spreadsheet XML very easy to use (as XML).
> May help you, and imports M$ Excel easily enough.
> 
> 
> 
> 
> > That's what you're working on at the moment. :-)
> > 
> > For us, the spreadsheets come in by email so they are already
> > transmitted in the clear. Maybe we could add encryption but that would
> > be for a more expensive commercial version of the product at a later
> > stage. Security stuff is quite complicated. 
> 
> Yes. Especially with lots of users.
> 
> Good luck David.
> 
> 
> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2006 XML.org. This site is hosted by OASIS