Re: [xml-dev] Features of XML Languages that Increase Complexity?

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

From: "Simon St.Laurent" <simonstl@simonstl.com>
To: "xml-dev@lists.xml.org" <xml-dev@lists.xml.org>
Date: Sun, 14 Apr 2013 13:39:37 -0400

On 4/14/13 12:08 PM, Costello, Roger L. wrote:
> I reckon there's not much point in creating an awesome XML language
> if its complexity exposes input-processing applications to widespread
> vulnerabilities.

It all depends on the context of that processing.  The vulnerabilities 
you see in XML seem most likely to create denial-of-service 
possibilities, and there are many many cases where at most that creates 
a headache followed by a stern note not to do that again.

If you are striving to create something hardened and operating in real 
time, you probably need either not to use XML or to build some slight 
intelligence and monitoring into your processing system.  I don't think 
any of that work is unusual today.

Letting such processing run fully automatic, especially in an 
environment you consider both critical and already compromised, seems 
like a poor software design decision.

Thanks,
-- 
Simon St.Laurent
http://simonstl.com/

Follow-Ups:
- RE: [xml-dev] Features of XML Languages that Increase Complexity?
  - From: David Lee <dlee@calldei.com>

References:
- Features of XML Languages that Increase Complexity?
  - From: "Costello, Roger L." <costello@mitre.org>
- Re: [xml-dev] Features of XML Languages that Increase Complexity?
  - From: "Simon St.Laurent" <simonstl@simonstl.com>
- RE: [xml-dev] Features of XML Languages that Increase Complexity?
  - From: "Costello, Roger L." <costello@mitre.org>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]