Re: [xml-dev] XML Redux

Original Message From: "Richard Salz"

>> For example, all the classes would likely have some common base class
>> interface and be created by some factory or other.

>Eww, yuck. :)

Show me a better way that doesn't require prior knowledge of the XML format.

> More technically, that is not the best way to go if you care about
> performance or security.

>        Performance -- Why should I bother to intern a string if it's an
> int?  Cf, ....

That method appears to require an a-priori schema.  If I have that I don't 
need the sender to tell me something's an int.  I already know that.  (I do 
have to check the right format.)

And as I understand it, the approach described is far from the norm anyway, 
and thus only peripherally relevant.

>        Security -- why should I let a bad-guy send me millions of bytes
> just to parse the number 23, unless I like DoS attacks?  (Of course, a
> really secure solution would have the schema beforehand, but that might
> not always be possible.)

So they send you a million byte string instead, and call it a string!  They 
can still DoS you.  The sender being able to say something's a number 
doesn't help with this.

Pete Cordell
Codalogic Ltd
Interface XML to C++ the easy way using C++ XML
data binding to convert XSD schemas to C++ classes.
Visit http://codalogic.com/lmx/ or http://www.xml2cpp.com
for more info
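
Added example, not part of the original message or thread: a receiver-side cap on element text, applied while streaming, rejects an oversized value early whether the sender labels it an int or a string. The `type` attribute, the 64-byte cap, and the names `parse_bounded` and `hostile` are assumptions made for illustration, and the inputs are constructed.

```python
import xml.parsers.expat

MAX_TEXT_BYTES = 64  # assumed per-element cap chosen by the receiver


class TextTooLong(Exception):
    def __init__(self, element, declared, fed):
        super().__init__(f"<{element}> (declared {declared}) over cap after {fed} bytes fed")
        self.element, self.declared, self.fed = element, declared, fed


def parse_bounded(chunks, limit=MAX_TEXT_BYTES):
    """Stream XML chunks through expat; reject text over `limit` bytes, whatever its declared type."""
    parser = xml.parsers.expat.ParserCreate()
    stack, values, fed = [], [], [0]

    def start(name, attrs):
        # Hypothetical `type` attribute stands in for the sender's type label.
        stack.append({"name": name, "type": attrs.get("type", "string"), "text": "", "size": 0})

    def chars(data):
        frame = stack[-1]
        frame["size"] += len(data.encode("utf-8"))
        # The check runs on every delivery, so parsing stops long before the end tag.
        if frame["size"] > limit:
            raise TextTooLong(frame["name"], frame["type"], fed[0])
        frame["text"] += data

    def end(name):
        frame = stack.pop()
        if frame["text"].strip():
            values.append((frame["name"], frame["type"], frame["text"]))

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    for chunk in chunks:
        fed[0] += len(chunk)
        parser.Parse(chunk, False)
    parser.Parse(b"", True)
    return values


def hostile(declared, filler, total=1_000_000, step=4096):
    """Constructed input: one element carrying about 1 MB of text under a declared type."""
    yield f"<msg><v type='{declared}'>".encode()
    for _ in range(total // step):
        yield filler * step
    yield b"23</v></msg>"
```
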


Copyright 1993-2007 XML.org. This site is hosted by OASIS