OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] Features of XML Languages that Increase Complexity?

On 4/14/13 12:08 PM, Costello, Roger L. wrote:
> I reckon there's not much point in creating an awesome XML language
> if its complexity exposes input-processing applications to widespread
> vulnerabilities.

It all depends on the context of that processing.  The vulnerabilities 
you see in XML seem most likely to create denial-of-service 
possibilities, and there are many many cases where at most that creates 
a headache followed by a stern note not to do that again.

If you are striving to create something hardened and operating in real 
time, you probably need either not to use XML or to build some slight 
intelligence and monitoring into your processing system.  I don't think 
any of that work is unusual today.

Letting such processing run fully automatic, especially in an 
environment you consider both critical and already compromised, seems 
like a poor software design decision.

Simon St.Laurent

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS