[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
RE: [xml-dev] Features of XML Languages that Increase Complexity?
- From: David Lee <dlee@calldei.com>
- To: Simon St.Laurent <simonstl@simonstl.com>, "xml-dev@lists.xml.org"<xml-dev@lists.xml.org>
- Date: Sun, 14 Apr 2013 18:28:09 +0000
>>>>
Roger listed some aspects at the beginning of the thread (today,
7:55am). If those are the criteria, I don't think XML is ever likely to
be a good choice - except perhaps for a deliberately chosen subset.
<<<<
Yes I read those. And those are normal things one might put in a data structure reguardless of the markup format.
So I am curious why the statement that one shouldn't use XML ... that is what makes it *more insecure* then other formats ?
Lets ignore things like embedded JavaScript ...
What *specifically* about XML makes it less secure *intrinsically* ?
Even simple formats like CSV can suffer from DOS attacks (say sending a infinitely long line of text without a field separator ?)
None of the things Rodger mentioned , in my mind, make XML *inherently less secure* then any other data representation modeling the same data. What about the *format* makes it more prone to attacks ?
Say Recursion (one of the listed items)...
If recursion was not allowed, but yet someone sent a recusive document ... it would be up to the *processor* not the format,, to protect against infinate recursion (same as its up to the *CSV processor* to prevent a buffer overflow).
----------------------------------------
David A. Lee
dlee@calldei.com
http://www.xmlsh.org
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
