[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
RE: [xml-dev] My report on experiments with unused namespaces
- From: Richard Salz <rsalz@us.ibm.com>
- To: "Costello, Roger L." <costello@mitre.org>
- Date: Wed, 22 Sep 2010 10:14:28 -0400
"Costello, Roger L." <costello@mitre.org> wrote on 09/22/2010 04:58:34 AM:
> ... unused namespaces can contain
> large amounts of information which is unchecked by XML applications
> ...
> This is a significant concern for me and others.
Really? A *significant* concern? I am skeptical. As others have pointed
out, there are many ways to have covert channels in an XML document.
> Goal: identify and eliminate unused namespaces.
I don't believe you can do this unless you have a schema (XSD, or maybe
Relax) that completely describes the content. Without that you have no way
of knowing where QName's can appear in content. And even then, you have
to be able to parse all content -- how many QName's in this element:
"<analogy>a:b :: c:d</analogy>"
/r$
--
STSM, WebSphere Appliance Architect
https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
