[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Re: [xml-dev] RE: Compelling use case for XML Catalogs?
- From: John Cowan <cowan@mercury.ccil.org>
- To: "Costello, Roger L." <costello@mitre.org>
- Date: Mon, 13 Jun 2011 11:05:54 -0400
Costello, Roger L. scripsit:
> Does XML Catalog have the ability to express this:
[snip various conditional things]
No, of course not. Catalogs can only express one thing: when you
see this URI, use this other URI instead. (And ditto for public
identifiers.)
> If it does not, how would you avoid a spoofing attack?
You can't. If you want to make sure a document that you have received
validates against a DTD of your choice, convert the DTD to a RELAX NG
schema and validate against that instead. Because you get to specify
the schema to validate against, this is safe.
In general, XML validation asks the question "Is this document
self-consistent?" because the DTD is really part of the document. XSD
validation (at least with typical XSD tools) asks the question "Is this
document consistent with the schemas it refers to?" RNG validation asks
the question "Is this document consistent with this schema?" IMHO the
last is the most interesting question.
--
But the next day there came no dawn, John Cowan
and the Grey Company passed on into the cowan@ccil.org
darkness of the Storm of Mordor and were http://www.ccil.org/~cowan
lost to mortal sight; but the Dead
followed them. --"The Passing of the Grey Company"
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
