[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Re: [xml-dev] XML Redux
- From: "Pete Cordell" <petexmldev@codalogic.com>
- To: "Richard Salz" <rsalz@us.ibm.com>
- Date: Thu, 17 Feb 2011 17:40:55 -0000
Original Message From: "Richard Salz"
>> For example, all the classes would likely have some common base class
>> interface and be created by some factory or other.
>Eww, yuck. :)
Show me a better way that doesn't require prior knowledge of the XML format.
> More technically, that is not the best way to go if you care about
> performance or security.
> Performance -- Why should I bother to intern a string if it's an
> int? Cf, ....
That method appears to require an a-priori schema. If I have that I don't
need the sender to tell me somethings an int. I already know that. (I do
have to check the right format.)
And as I understand it, the approach described is far from the norm anyway,
and thus only peripherally relevant.
> Security -- why should I let a bad-guy send me millions of bytes
> just to parse the number 23, unless I like DoS attacks? (Of course, a
> really secure solution would have the schema beforehand, but that might
> not always be possible.)
So they send you a million byte string instead, and call it a string! They
can still DoS you. The sender being able to say something's a number
doesn't help with this.
Pete Cordell
Codalogic Ltd
Interface XML to C++ the easy way using C++ XML
data binding to convert XSD schemas to C++ classes.
Visit http://codalogic.com/lmx/ or http://www.xml2cpp.com
for more info
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
