XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
XML is Mobile Code? [was: Defining an XML vocabulary: specify syntax, semantics, and BEHAVIOR?]

Hi Folks,

It just occurred to me ...

We have determined that XML has two primary roles:

    1. Encode behavior (instructions)

    2. Encode data

[Len, what does it mean to "encode script nodes?"]

In its first role (encoding behavior), XML is mobile code.  For
example, the XSLT vocabulary is an encoding of a certain behavior (i.e.
an encoding of a certain set of instructions), and when you transport
an XSLT document across the Internet, you are transporting code. 

When you transport, say, JavaScript code across the Internet, you know
the extent of the security implications since JavaScript is a bounded
syntax with bounded capabilities (and a bounded set of security
problems).

But XML is unbounded, and the types of behavior that may be encoded in
XML is unbounded.  Thus, there is no way, in general, to assess the
extent of the security implications for arbitrary XML documents.
Yikes!  

I am surely missing something.  Please tell me where my thinking errs.

/Roger



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS