[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Re: [xml-dev] XML is Mobile Code? [was: Defining an XML vocabulary:specify syntax, semantics, and BEHAVIOR?]
- From: Elliotte Harold <elharo@metalab.unc.edu>
- To: "Costello, Roger L." <costello@mitre.org>
- Date: Sat, 12 Apr 2008 07:27:42 -0700
Costello, Roger L. wrote:
> Hi Folks,
>
> It just occurred to me ...
>
> We have determined that XML has two primary roles:
>
> 1. Encode behavior (instructions)
>
> 2. Encode data
>
> I am surely missing something. Please tell me where my thinking errs.
>
Your error is in clearly delineating behavior and data. There's not
really such an obvious distinction. Encoded instructions are data.
Whether any given XML stream (or byte stream) is interpreted as
instructions depends on the process reading them. It is not fundamental
in the data itself.
XML encodes information. There is no limit on the information it
encodes. *Anything* that can be digitized can be encoded in XML. At a
base level, the security implications of XML are the same as the
security implications of arbitrary binary data.
It is not clear that discussing security at this level is useful.
--
Elliotte Rusty Harold elharo@metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
