OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
RE: [xml-dev] Features of XML Languages that Increase Complexity?

Roger listed some aspects at the beginning of the thread (today, 
7:55am).  If those are the criteria, I don't think XML is ever likely to 
be a good choice - except perhaps for a deliberately chosen subset.

Yes I read those. And those are normal things one might put in a data structure reguardless of the markup format.
So I am curious why the statement that one shouldn't use XML ... that is what makes it *more insecure* then other formats ?
Lets ignore things like embedded JavaScript ... 

What *specifically* about XML makes it less secure *intrinsically* ?
Even simple formats like CSV can suffer from DOS attacks (say sending a infinitely long line of text without a field separator ?)

None of the things Rodger mentioned , in my mind, make XML *inherently less secure* then any other data representation modeling the same data.  What about the *format* makes it more prone to attacks ?

Say Recursion (one of the listed items)... 
If recursion was not allowed, but yet someone sent a recusive document ... it would be up to the *processor* not the format,, to protect against infinate recursion (same as its up to the *CSV processor* to prevent a buffer overflow).

David A. Lee

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS