OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
RE: [xml-dev] The <any/> element: bane of security or savior of versioning?

> > When Any occurs in xml documents that are ran through process X the 
> > system crashes.

Well, clearly you should either fix the bug in the application or put a
fence around it to protect it from data it can't handle. But the problem is
just as likely to be that it fails on characters above 65535 as that it
fails on unexpected elements. Banning xs:any because some applications have
bugs is like banning high Unicode characters because some applications have
bugs. It's not xs:any that's the security weakness, it's the buggy

Michael Kay

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS