RE: [xml-dev] The <any/> element: bane of security or savior ofversionin

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

RE: [xml-dev] The <any/> element: bane of security or savior ofversioning?

From: Rick Jelliffe <rjelliffe@allette.com.au>
To: xml-dev@lists.xml.org
Date: Sat, 20 Oct 2007 03:17:24 +1000

On Fri, 2007-10-19 at 17:08 +0100, Michael Kay wrote:
> > > When Any occurs in xml documents that are ran through process X the 
> > > system crashes.
> 
> Well, clearly you should either fix the bug in the application or put a
> fence around it to protect it from data it can't handle. 

Doesn't this assume open source or system configurability?  

Or, to put it another way, when people don't have access to the source
or when they are required to use canned COTS installations out of their
control, almost any feature badly implemented can be labelled a risk. So
what people are identifying is not a risk of XML but a risk of some
applications they have seen. 

Cheers
Rick Jelliffe

References:
- The <any/> element: bane of security or savior of versioning?
  - From: "Costello, Roger L." <costello@mitre.org>
- Re: [xml-dev] The <any/> element: bane of security or savior of versioning?
  - From: David Carlisle <davidc@nag.co.uk>
- Re: [xml-dev] The <any/> element: bane of security or savior of versioning?
  - From: "bryan rasmussen" <rasmussen.bryan@gmail.com>
- Re: [xml-dev] The <any/> element: bane of security or savior of versioning?
  - From: "bryan rasmussen" <rasmussen.bryan@gmail.com>
- RE: [xml-dev] The <any/> element: bane of security or savior of versioning?
  - From: "Michael Kay" <mike@saxonica.com>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]